CVE-2025-71320

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Jun 17, 2026

Vendor unknown

Description

picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using these unblocked functions to achieve arbitrary code execution when the pickle is deserialized.

References

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q
https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-incomplete-disallowed-inputs
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-84r2-jw7c-4r5q