Description
picklescan before 0.0.28 fails to detect malicious pickle files that invoke the torch.utils.collect_env.run function from reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when the file is loaded by a victim.
Severity (CVSS)
| Base score | 7.6 |
|---|---|
| Severity | High |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| Provided by | CNA |
Weaknesses
- CWE-502 — Deserialization of Untrusted Data
Affected products
| Vendor | Product | Versions |
|---|---|---|
| picklescan | picklescan | 0 to <0.0.28; 0.0.28 |
References
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.