CVE-2025-71340

HIGH NVD

CVSS Score 8.1

Severity HIGH

Published Jun 25, 2026

Vendor unknown

Description

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load(), enabling supply chain attacks on PyTorch models and saved Python objects. This is fixed in version 0.0.30.

References

https://github.com/mmaitre314/picklescan/security/advisories/GHSA-3gf5-cxq9-w223
https://www.vulncheck.com/advisories/picklescan-remote-code-execution-via-idlelib-pyshell-modifiedinterpreter-runcode