97 matches found
CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...
CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...
CVE-2026-22609 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafeimports method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected...
CVE-2026-22608
CVE-2026-22608 (Fickling) affects the Python tool Fickling (pickling decompiler/static analyzer). Before version 0.1.7, ctypes and pydoc were not explicitly blocked, allowing chaining (via pydoc.locate to get ctypes.windll.kernel32.WinExec) to achieve remote code execution while the file is repor...
CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...
EUVD-2026-1686
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...
CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...
CVE-2026-22608 Fickling vulnerable to use of ctypes and pydoc gadget chain to bypass detection
Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools like picklescan do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still...
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
EUVD-2026-1687
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
CVE-2026-22607
Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...
CVE-2026-22607 Fickling Blocklist Bypass: cProfile.run()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user relies on...
CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...
CVE-2026-22606
CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...
CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...
CVE-2026-22606 Fickling has a bypass via runpy.run_path() and runpy.run_module()
Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.runpath or runpy.runmodule is classified as SUSPICIOUS instead of OVERTLYMALICIOUS. If a user...
Fickling 代码问题漏洞
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. Fickling 0.1.7 before the version of the code problem vulnerability , the vulnerability stems from the existence of detection blindness to the builder module , which may lead to detection bypass...
Fickling 代码问题漏洞
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the cProfile module as insecure, which could lead to the execution of attacker-controlled code...
Fickling 代码问题漏洞
Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in Fickling version 0.1.6 and earlier, which stems from failing to mark the runpy module as unsafe, which could lead to the execution of attacker-controlled code...