PT-2026-55705 · Trailofbits · Fickling
Christopher Aziz · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14535
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trail of Bits fickling versions prior to 0.1.12
Description
An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten_code(node) function on every import node. This action populates a shared AnalysisContext.reported_shortened_code set, which causes the subsequent MLAllowlist analysis pass to skip its allowlist checks entirely. Consequently, the MLAllowlist pass becomes dead code and fails to identify imports of modules outside the known-safe ML ecosystem. This allows standard library modules not present in the UNSAFE_IMPORTS denylist to be invoked via pickle deserialization when the fickling.load() API calls check_safety(), which incorrectly returns a LIKELY_SAFE verdict, leading to the execution of the payload.
Recommendations
Update to a version newer than 0.1.11.
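The pass interaction from the Description, reduced to a simplified Python model as an added example; this is not fickling's own code. The class, function and module-set names are hypothetical stand-ins, and the buggy=False branch is one assumed way to avoid the problem, not necessarily the upstream fix.

```python
# Simplified model of two analysis passes sharing one dedup set.
# Not fickling's code: every name and module set here is a hypothetical stand-in.
DENYLIST = {"os", "subprocess"}   # stands in for UNSAFE_IMPORTS
ALLOWLIST = {"torch", "numpy"}    # stands in for the known-safe ML modules


class Context:
    """Shared by all passes, like AnalysisContext."""

    def __init__(self):
        self.reported = set()     # stands in for reported_shortened_code

    def shorten(self, node):
        """Return (text, already_reported) and record the node as reported."""
        seen = node in self.reported
        self.reported.add(node)
        return node, seen


def denylist_pass(ctx, imports, buggy):
    findings = []
    for mod in imports:
        if buggy:
            ctx.shorten(mod)      # unconditional: marks every import as reported
        if mod in DENYLIST:
            if not buggy:
                ctx.shorten(mod)  # assumed fix: mark only what is reported
            findings.append(f"denylisted import: {mod}")
    return findings


def allowlist_pass(ctx, imports):
    findings = []
    for mod in imports:
        _, already_reported = ctx.shorten(mod)
        if already_reported:      # skip nodes an earlier pass claimed to report
            continue
        if mod not in ALLOWLIST:
            findings.append(f"import outside allowlist: {mod}")
    return findings


def verdict(imports, buggy):
    ctx = Context()               # one context shared across both passes
    findings = denylist_pass(ctx, imports, buggy) + allowlist_pass(ctx, imports)
    return "UNSAFE" if findings else "LIKELY_SAFE"


# Constructed input: "examplemod" is on neither list.
print(verdict(["torch", "examplemod"], buggy=True))
print(verdict(["torch", "examplemod"], buggy=False))
```

The two calls at the end double as a regression check: an import that appears on neither list must never produce a LIKELY_SAFE verdict, whatever order the passes run in.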
Fix
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Fickling