WRITEUP
Exploit for CVE-2026-22608 - Fickling <0.1.7 - RCE
AI Analysis

This patch addresses CVE-2026-22608 by adding 'ctypes' and 'pydoc' to the list of unsafe imports in the fickling library, which is used for analyzing pickled Python objects. The patch includes test cases demonstrating how these modules can be exploited for remote code execution (RCE) via deserialization attacks.

Attack Type: deserialization
Complexity: moderate
Reliability: reliable
MITRE ATT&CK:
T1558 - Steal or Forge Kerberos Tickets
T1190 - Exploit Public-Facing Application
Vulnerability: CVE-2026-22608 - Fickling <0.1.7 - RCE
Severity: HIGH (CVSS 7.8)