Fickling · CVE-2026-22607
**Name of the Vulnerable Software and Affected Versions**
Fickling versions up to and including 0.1.6
**Description**
Fickling, a Python pickling decompiler and static analyzer, incorrectly classifies pickles utilizing the `cProfile.run()` function as SUSPICIOUS instead of OVERTLY MALICIOUS. This misclassification can lead users to execute attacker-controlled code if they rely on Fickling’s output to determine pickle safety for deserialization. This issue impacts any workflow or product using Fickling as a security gate for pickle deserialization.
**Recommendations**
Versions up to and including 0.1.6 should be updated to version 0.1.7 or later.
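The misclassification described above is a property of any severity-tiered analyzer: its verdict is only as good as its list of known-dangerous imports, and a caller that gates on "OVERTLY MALICIOUS" alone lets an under-rated import through. A complementary control that does not depend on that list is a static allowlist of pickle globals, checked before anything is deserialized. The following is an added example written for this page, not Fickling's own code or an upstream recommendation: it walks the opcode stream with the standard library's `pickletools.genops`, collects every module/name pair that a `GLOBAL` or `STACK_GLOBAL` opcode would import, and rejects the pickle unless every pair is on the allowlist. The allowlist contents and the sample pickles are constructed for the example; the cProfile sample only references `cProfile.run` by name (no call opcode follows), which is enough for an allowlist gate to reject it.

```python
import collections
import cProfile
import pickle
import pickletools

# Constructed allowlist for this example: the only globals a loader is willing to resolve.
ALLOWED_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
    ("builtins", "set"),
})

# Opcodes that push a str onto the unpickler stack; STACK_GLOBAL consumes the top two.
STRING_OPS = frozenset({
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
})
GET_OPS = frozenset({"GET", "BINGET", "LONG_BINGET"})
PUT_OPS = frozenset({"PUT", "BINPUT", "LONG_BINPUT"})


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) pair the pickle would import, without executing it.

    Handles both the protocol 0-3 GLOBAL opcode, whose argument carries
    "module name", and the protocol 4+ STACK_GLOBAL opcode, which takes the
    module and name from the two most recently pushed strings (either pushed
    directly or fetched back from the memo).
    """
    found: list[tuple[str, str]] = []
    strings: list[str] = []        # str values pushed so far, newest last
    memo: dict[int, object] = {}   # memo slot -> the str stored there, or None if not a str
    last: object = None            # str pushed by the immediately preceding opcode, if any

    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
            last = arg
        elif op.name in GET_OPS:
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last     # MEMOIZE writes the next free slot; only strs are tracked
        elif op.name in PUT_OPS:
            memo[arg] = last
        elif op.name == "GLOBAL":
            module, _, name = arg.partition(" ")
            found.append((module, name))
            last = None
        elif op.name == "STACK_GLOBAL":
            if len(strings) < 2:
                raise ValueError("malformed pickle: STACK_GLOBAL without module/name strings")
            name = strings.pop()
            module = strings.pop()
            found.append((module, name))
            last = None
        else:
            last = None
    return found


def is_safe_to_load(data: bytes, allowed=ALLOWED_GLOBALS) -> bool:
    """Fail closed: accept only if every referenced global is explicitly allowed.

    A blob that pickletools cannot even parse is rejected rather than guessed about.
    """
    try:
        seen = referenced_globals(data)
    except Exception:
        return False
    return all(pair in allowed for pair in seen)


# Constructed sample inputs (built here for the example, not captured from any incident).
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})          # no globals at all
ALLOWED_TYPE = pickle.dumps(collections.OrderedDict(lr=0.01))       # collections.OrderedDict
# References cProfile.run by name only: STACK_GLOBAL then STOP, no REDUCE, so nothing
# would be called even if loaded; an allowlist gate still rejects the unknown import.
REFERENCES_CPROFILE = pickle.dumps(cProfile.run)
REFERENCES_CPROFILE_P2 = pickle.dumps(cProfile.run, protocol=2)     # GLOBAL opcode form

if __name__ == "__main__":
    samples = [("benign dict", BENIGN), ("OrderedDict", ALLOWED_TYPE),
               ("cProfile.run (proto 4)", REFERENCES_CPROFILE),
               ("cProfile.run (proto 2)", REFERENCES_CPROFILE_P2)]
    for label, blob in samples:
        print(f"{label:24} globals={referenced_globals(blob)} safe={is_safe_to_load(blob)}")
```

The direction of the check is the point: rather than asking an analyzer how dangerous a known import is, the loader refuses anything it was not told about, so an import the analyzer has not rated highly enough cannot pass at a lower severity. The same allowlist can be enforced at load time by overriding `pickle.Unpickler.find_class`, the restriction mechanism the Python `pickle` documentation describes; the static scan above has the advantage of running on untrusted bytes before any unpickler is constructed.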