PT-2026-50453 · Picklescan · Picklescan

Yarienkiva

Published

2026-06-17

Updated

2026-06-17

CVE-2025-71322

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

CVE-2025-71322

Affected Products

Picklescan

PT-2026-50453 · Picklescan · Picklescan

CVE-2025-71322

Weakness Enumeration

Related Identifiers

Affected Products

References · 2