PT-2026-55705 · Trailofbits · Fickling

Christopher Aziz · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14535

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trail of Bits fickling versions prior to 0.1.12

Description: An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten_code(node) function on every import node. This action populates a shared AnalysisContext.reported_shortened_code set, which causes the subsequent MLAllowlist analysis pass to skip its allowlist checks entirely. Consequently, the MLAllowlist pass becomes dead code and fails to identify imports of modules outside the known-safe ML ecosystem. This allows standard library modules not present in the UNSAFE_IMPORTS denylist to be invoked via pickle deserialization when the fickling.load() API calls check_safety(), which incorrectly returns a LIKELY_SAFE verdict, leading to the execution of the payload.

Recommendations: Update to a version newer than 0.1.11.
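
A simplified model of the pass interaction described above, added here as an example; it is not fickling's source code. The module lists, the check() helper, the fixed flag and the FLAGGED verdict are constructed for illustration, and the conditional call used when fixed=True is one possible correction, not necessarily the project's actual patch.

```python
# Simplified model of two analysis passes sharing dedup state.
# Names mirror the advisory text; everything else is constructed.
UNSAFE_IMPORTS = {"os", "subprocess", "builtins"}   # constructed denylist sample
ML_ALLOWLIST = {"numpy", "torch", "collections"}    # constructed allowlist sample


class AnalysisContext:
    def __init__(self):
        self.reported_shortened_code = set()        # shared by every pass

    def shorten_code(self, node):
        """Return (already_reported, code) and record the node as reported."""
        already = node in self.reported_shortened_code
        self.reported_shortened_code.add(node)
        return already, node


def unsafe_imports_pass(ctx, imports, fixed):
    findings = []
    for module in imports:
        if not fixed:
            ctx.shorten_code(module)        # flaw: every import is marked reported
        if module in UNSAFE_IMPORTS:
            if fixed:
                ctx.shorten_code(module)    # mark only what is actually reported
            findings.append(("unsafe import", module))
    return findings


def allowlist_pass(ctx, imports):
    findings = []
    for module in imports:
        already, _ = ctx.shorten_code(module)
        if already:
            continue                        # dedup: assumes an earlier pass reported it
        if module not in ML_ALLOWLIST:
            findings.append(("not in ML allowlist", module))
    return findings


def check(imports, fixed):
    """Run both passes in order; FLAGGED is a placeholder for any non-safe verdict."""
    ctx = AnalysisContext()
    findings = unsafe_imports_pass(ctx, imports, fixed)
    findings += allowlist_pass(ctx, imports)
    verdict = "LIKELY_SAFE" if not findings else "FLAGGED"
    return verdict, findings
```

With the flawed ordering the allowlist pass never evaluates an import, so any module absent from the denylist yields LIKELY_SAFE; a regression test for this class of bug should feed a non-allowlisted, non-denylisted import through the full pipeline rather than testing each pass in isolation.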

Fix

Protection Mechanism Failure


Weakness Enumeration

Related Identifiers

CVE-2026-14535

Affected Products

Fickling