PT-2026-55670 · Picklescan · Picklescan
Fredericdt · Published 2026-07-04 · Updated 2026-07-04
CVE-2025-71353
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
picklescan before 0.0.28 fails to detect malicious pickle files that exploit the torch._dynamo.guards.GuardBuilder.get function in __reduce__ methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.
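The detection gap described above, shown as an added example (not picklescan's code): a static check that lists the imports a pickle references without loading it, then compares a denylist verdict with an allowlist verdict. DENYLIST, ALLOWED_MODULES and SAMPLE are constructed for this illustration, and the assumption is a scanner that matches imports against a list of known-dangerous callables.

```python
import pickletools

# Hypothetical policies for this example; neither is picklescan's real list.
DENYLIST = {("os", "system"), ("builtins", "eval"), ("builtins", "exec")}
ALLOWED_MODULES = {"collections", "torch._utils"}

MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data: bytes) -> list:
    """List (module, name) imports in a pickle stream without loading it."""
    found, recent = [], []  # recent: pushed constants (None = not a string)
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":
            pair = recent[-2:]
            if len(pair) == 2 and all(isinstance(s, str) for s in pair):
                found.append((pair[0], pair[1]))
            else:
                found.append(("?", "?"))  # unresolved import: fail closed
            recent.append(None)
        elif op.name not in MEMO_OPS:  # memo writes do not push anything
            recent.append(arg if isinstance(arg, str) else None)
    return found


def denylist_hits(data: bytes) -> list:
    """Imports that match a known-bad entry."""
    return [g for g in referenced_globals(data) if g in DENYLIST]


def allowlist_violations(data: bytes) -> list:
    """Imports from any module that is not explicitly approved."""
    return [g for g in referenced_globals(data) if g[0] not in ALLOWED_MODULES]


def _push_str(text: str) -> bytes:
    raw = text.encode()
    return b"\x8c" + bytes([len(raw)]) + raw  # SHORT_BINUNICODE opcode


# Constructed sample: references the callable named in the advisory, then STOP.
SAMPLE = (b"\x80\x04" + _push_str("torch._dynamo.guards")
          + _push_str("GuardBuilder.get") + b"\x93.")

if __name__ == "__main__":
    print("denylist hits:       ", denylist_hits(SAMPLE))
    print("allowlist violations:", allowlist_violations(SAMPLE))
```

A denylist that lacks an entry for the callable reports nothing for the sample, while the allowlist flags it because the module was never approved.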
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Picklescan