PT-2026-55704 · Trailofbits · Fickling
Christopher Aziz · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14534
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trail of Bits fickling versions 0.1.10 and earlier
Description
An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE_IMPORTS denylist in fickle.py fails to include critical Python standard library modules, specifically _posixsubprocess, site, and atexit. This allows a crafted malicious pickle payload to bypass the check_safety() function, which may incorrectly classify the payload as safe. When an application uses the fickling.load() API to deserialize this untrusted content, it can lead to arbitrary code execution. This is achieved by invoking dangerous functions such as _posixsubprocess.fork_exec(), site.execsitecustomize(), or atexit._run_exitfuncs().
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary mitigation, avoid using the fickling.load() API to process untrusted pickle content.
Incomplete List of Disallowed Inputs
Deserialization of Untrusted Data
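The denylist gap described above, as an added example (not fickling's code and not taken from the advisory): a static pre-check that lists a pickle's imports with `pickletools.genops` and compares them against an allowlist, beside a short hypothetical denylist that passes the same input. `ALLOWED_GLOBALS`, `DENIED_MODULES` and both sample byte strings are assumptions constructed for the illustration.

```python
import collections
import pickle
import pickletools

# Assumption for this example: the only globals the application's pickles may import.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
# Hypothetical, deliberately short denylist (not fickling's UNSAFE_IMPORTS).
DENIED_MODULES = {"os", "subprocess", "builtins"}

TEXT_PUSH = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_WRITE = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def imported_globals(data: bytes) -> list:
    """List (module, name) pairs the pickle would import, without loading it."""
    found, pending = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Operands must be the two string pushes directly before this
            # opcode; anything else is reported as unresolved (fail closed).
            found.append(tuple(pending[-2:]) if len(pending) >= 2 else ("?", "?"))
        if op.name in TEXT_PUSH:
            pending.append(arg)
        elif op.name not in MEMO_WRITE:
            pending = []
    return found

def denylist_verdict(data: bytes) -> bool:
    """True means 'looks safe' under the denylist: no listed module imported."""
    return all(mod not in DENIED_MODULES for mod, _ in imported_globals(data))

def allowlist_verdict(data: bytes) -> bool:
    """True only if every import is explicitly expected."""
    return all(g in ALLOWED_GLOBALS for g in imported_globals(data))

# Constructed samples. INERT_REFERENCE only names a function from the advisory
# (GLOBAL opcode, then STOP); it is never loaded here.
BENIGN = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
INERT_REFERENCE = b"csite\nexecsitecustomize\n."

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("site reference", INERT_REFERENCE)):
        print(label, imported_globals(blob),
              "denylist ok:", denylist_verdict(blob),
              "allowlist ok:", allowlist_verdict(blob))
```

Opcode scanning of this kind is a pre-filter; the same allowlist can also be enforced at load time by overriding `pickle.Unpickler.find_class`.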
Affected Products
Fickling