Skip to main content

picklescan CVE-2026-56304

| EUVD-2026-38123 MEDIUM
Deserialization of Untrusted Data (CWE-502)
2026-06-20 VulnCheck GHSA-hqgf-f82p-fjh7
Deserialization Denial Of Service Picklescan
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable with no auth or interaction (AV:N/PR:N/UI:N); impact limited to file creation (I:L) and lock-file DoS (A:L); no confidentiality impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jun 22, 2026 - 06:20 vuln.today
Analysis Generated
Jun 22, 2026 - 06:20 vuln.today
Patch available
Jun 20, 2026 - 17:16 EUVD

DescriptionCVE.org

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.

AnalysisAI

Unsafe pickle deserialization in picklescan before 1.0.1 allows unauthenticated remote attackers to create arbitrary zero-byte files on the server by crafting malicious pickle payloads that instantiate Python's standard-library logging.FileHandler class. This technique bypasses RCE-focused blocklists because it abuses legitimate standard library functionality rather than commonly blocked modules, making it a notable blocklist-evasion primitive. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Submit crafted pickle file to picklescan service
Delivery
picklescan deserializes payload during scan
Exploit
REDUCE opcode instantiates logging.FileHandler
Execution
FileHandler creates zero-byte file at attacker-specified path
Persist
Lock file triggers application logic disruption
Impact
Denial of service achieved
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The target system must be running picklescan version below 1.0.1 and must accept or process pickle files from untrusted sources (e.g., user uploads, network-delivered scan targets). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L) scores 6.9, reflecting a moderate severity due to constrained impact - integrity and availability are both Low, and confidentiality is unaffected. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker submits a specially crafted pickle file to any service or pipeline that invokes picklescan to analyze user-uploaded files. The malicious pickle uses the REDUCE opcode to call logging.FileHandler('maintenance.lock'), which picklescan deserializes during scanning; this creates a zero-byte maintenance.lock file in the working directory. …
Remediation Upgrade picklescan to version 1.0.1 immediately; this is the vendor-confirmed fixed version per the GHSA advisory (https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r) and the upstream fix is available via commit 4d9bc9cd34bca8672dad3481cd4556d5ba747156 and pull request https://github.com/mmaitre314/picklescan/pull/60. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-3490 CRITICAL
10.0 Jun 17

Remote code execution against users of picklescan versions prior to 1.0.4 is achievable by smuggling any blocked functio
CVE-2025-71320 CRITICAL
9.3 Jun 17

Arbitrary code execution in picklescan before 0.0.33 allows remote attackers to bypass the scanner's malicious-pickle de
CVE-2025-71321 CRITICAL
9.3 Jun 17

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing di
CVE-2025-71323 CRITICAL
9.3 Jun 17

Remote code execution in picklescan before 0.0.33 enables attackers to bypass the tool's malicious-pickle detection by s
CVE-2025-71325 CRITICAL
9.3 Jun 17

Detection bypass in picklescan versions prior to 0.0.27 allows attackers to smuggle malicious Python pickle files past t

Share

CVE-2026-56304 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy