CVE-2026-22609

HIGH

Fickling <0.1.7 - Code Injection

Title source: llm

Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.

References (6)

[Patch] https://github.com/trailofbits/fickling/commit/29d5545e74b07766892c1f0461b801afccee4f91

View Patch ZIP pw:eip

[Patch] https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66

[Patch] https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1

[Patch] https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9

[Release Notes] https://github.com/trailofbits/fickling/releases/tag/v0.1.7

[Exploit, Vendor Advisory] https://github.com/trailofbits/fickling/security/advisories/GHSA-q5qq-mvfm-j35x

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 13.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-184 CWE-502

Status published

Affected Products (2)

trailofbits/fickling < 0.1.7

pypi/fickling < 0.1.7PyPI

Timeline

Published Jan 10, 2026

Tracked Since Feb 18, 2026