PT-2026-55704 · Trailofbits · Fickling

Christopher Aziz · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14534

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Trail of Bits fickling versions 0.1.10 and earlier

Description
An improper input validation issue exists in the denylist logic used to analyze pickle opcode imports. The UNSAFE_IMPORTS denylist in fickle.py fails to include critical Python standard library modules, specifically _posixsubprocess, site, and atexit. This allows a crafted malicious pickle payload to bypass the check_safety() function, which may incorrectly classify the payload as safe. When an application uses the fickling.load() API to deserialize this untrusted content, it can lead to arbitrary code execution. This is achieved by invoking dangerous functions such as _posixsubprocess.fork_exec(), site.execsitecustomize(), or atexit._run_exitfuncs().

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary mitigation, avoid using the fickling.load() API to process untrusted pickle content.
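
The denylist gap described above can be seen with a static import check over pickle opcodes. This is an added example, not fickling's code and not part of the advisory: it compares a hypothetical incomplete denylist with a hypothetical allowlist, and never loads the data. DENYLIST, ALLOWLIST, the function names and the sample byte strings are all constructed for this illustration.

```python
import collections
import pickle
import pickletools

# Hypothetical stand-in denylist, NOT fickling's UNSAFE_IMPORTS. It omits the
# three modules named in the advisory, as the affected versions do.
DENYLIST = {"os", "subprocess", "builtins", "sys", "socket"}
# Hypothetical allowlist: the only (module, name) imports this app expects.
ALLOWLIST = {("collections", "OrderedDict")}
UNRESOLVED = ("<unresolved>", "<unresolved>")

def imported_globals(data: bytes):
    """List the (module, name) pairs a pickle imports, without loading it."""
    found, prev = [], []  # prev: string pushed by each earlier opcode, else None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Resolvable only when the two preceding opcodes pushed strings;
            # anything else (e.g. memo reads) is reported as unresolved.
            pair = tuple(prev[-2:])
            found.append(pair if len(pair) == 2 and None not in pair else UNRESOLVED)
        if op.name not in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
            is_push = "UNICODE" in op.name or op.name.endswith("STRING")
            prev.append(arg if is_push else None)
    return found

def denylist_ok(data: bytes) -> bool:
    """Pass unless an imported top-level module is on the denylist."""
    return all(m.split(".")[0] not in DENYLIST for m, _ in imported_globals(data))

def allowlist_ok(data: bytes) -> bool:
    """Pass only if every import is an expected (module, name) pair."""
    return all(g in ALLOWLIST for g in imported_globals(data))

# Constructed samples: "benign" is a real dump; the others are hand-built
# import references with no call opcode, and are only scanned, never loaded.
SAMPLES = {
    "benign": pickle.dumps(collections.OrderedDict(a=1), protocol=4),
    "_posixsubprocess": b"c_posixsubprocess\nfork_exec\n.",
    "site": b"csite\nexecsitecustomize\n.",
    "atexit": b"catexit\n_run_exitfuncs\n.",
    "memo_lookup": b"\x80\x04h\x00h\x01\x93.",  # STACK_GLOBAL fed from memo
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:17} imports={imported_globals(blob)} "
              f"denylist_ok={denylist_ok(blob)} allowlist_ok={allowlist_ok(blob)}")
```

The three advisory modules pass the denylist check and fail the allowlist check, and an import the scanner cannot resolve is rejected by the allowlist rather than assumed safe.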

Weakness Enumeration
Incomplete List of Disallowed Inputs
Deserialization of Untrusted Data

Related Identifiers
CVE-2026-14534

Affected Products
Fickling