Description
picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked modules to achieve remote code execution while bypassing picklescan's safety validation entirely.
Published: 2026-06-23
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

picklescan before 1.0.4 does not block at least seven Python standard library modules, exposing eight functions that allow arbitrary command execution; attackers can craft malicious pickle files that import these unblocked modules, achieving remote code execution while bypassing picklescan's safety validation entirely. This flaw is classified as CWE-184, representing an unrestricted reading of data that leads to code injection.

Affected Systems

The vulnerability affects picklescan by picklescan, specifically all versions older than 1.0.4. Systems running these earlier releases are exposed to user-supplied pickle deserialization that can execute arbitrary code.

Risk and Exploitability

The CVSS score is 9.3, indicating critical severity; EPSS information is currently unavailable, so the exact exploit likelihood is uncertain, and the vulnerability is not listed in the CISA KEV catalog. The attack vector involves sending crafted pickle payloads that import unblocked standard library modules, enabling remote code execution without triggering any safety checks. Because picklescan performs no additional validation, any process that calls picklescan with untrusted data is a potential entry point for exploitation.

Generated by OpenCVE AI on June 23, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update picklescan to version 1.0.4 or later, which blocks the identified standard library modules and removes the execution vector.
  • If an immediate upgrade is not possible, refactor the application to eliminate unsafe pickle deserialization or enforce a strict whitelist that excludes the problematic modules.
  • Audit all code paths that import or load picklescan and verify that no untrusted pickle data is processed; consider using safer serialization methods such as JSON or protocol buffers where possible.

Generated by OpenCVE AI on June 23, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 23 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description picklescan before 1.0.4 fails to block at least seven Python standard library modules (including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib) exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked modules to achieve remote code execution while bypassing picklescan's safety validation entirely.
Title picklescan - Remote Code Execution via Unblocked Standard Library Modules
First Time appeared Mmaitre314
Mmaitre314 picklescan
Weaknesses CWE-184
CPEs cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*
Vendors & Products Mmaitre314
Mmaitre314 picklescan
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Mmaitre314 Picklescan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-23T13:16:50.727Z

Reserved: 2026-06-20T12:59:07.917Z

Link: CVE-2026-56315

cve-icon Vulnrichment

Updated: 2026-06-23T13:16:22.658Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T16:00:05Z

Weaknesses
  • CWE-184

    Incomplete List of Disallowed Inputs