7 matches found
CVE-2026-22612
Summary of CVE-2026-22612 : Fickling (Python pickling decompiler/static analyzer) before version 0.1.7 is vulnerable to a detection bypass caused by “builtins” blindness. This allows crafted pickle payloads to bypass security analysis, as shown by example payloads that construct and execute code ...
CVE-2026-22606
CVE-2026-22606 affects Fickling (Python pickling decompiler/static analyzer) up to version 0.1.6. The root cause is that the runpy module (including run_path and run_module) was not treated as unsafe, causing some malicious pickles to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS. Thi...
CVE-2026-22608
CVE-2026-22608 (Fickling) affects the Python tool Fickling (pickling decompiler/static analyzer). Before version 0.1.7, ctypes and pydoc were not explicitly blocked, allowing chaining (via pydoc.locate to get ctypes.windll.kernel32.WinExec) to achieve remote code execution while the file is repor...
CVE-2026-22609
Affected software/issue: Fickling (Python pickling decompiler/static analyzer) prior to v0.1.7. Root cause: unsafe_imports() in the static analyzer fails to flag several high-risk modules, allowing malicious pickles to bypass safety checks. Impact (as stated): potential arbitrary code execution v...
CVE-2025-67748
Fickling CVE-2025-67748 describes a bypass in which the blocklist of unsafe imports did not include pty, allowing unsafe pickles using pty.spawn() to be misclassified as LIKELY_SAFE. The root cause is documented as the unsafe-imports check missing pty in version
CVE-2026-22607
Summary (CVE-2026-22607 – Fickling) Fickling (Python pickling decompiler/static analyzer) versions up to and including 0.1.6 fail to treat the Python module cProfile as unsafe. This causes a malicious pickle using cProfile.run() to be classified as SUSPICIOUS rather than OVERTLY_MALICIOUS, potent...
CVE-2025-67747
CVE-2025-67747 concerns Fickling, a Python pickle analysis tool. Multiple sources document that versions prior to 0.1.6 did not include marshal and types in the unsafe-import blocklist, allowing a crafted pickle to bypass safety checks due to missing detections for marshal.loads and types.Functio...