picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation. | |
| Title | picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files | |
| First Time appeared |
Mmaitre314
Mmaitre314 picklescan |
|
| Weaknesses | CWE-693 | |
| CPEs | cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Mmaitre314
Mmaitre314 picklescan |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-30T22:08:17.415Z
Reserved: 2026-06-20T12:55:02.882Z
Link: CVE-2025-71352
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T23:30:04Z