CVE-2026-22609

HIGH

Fickling <0.1.7 - Code Injection

Title source: llm

Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.

References (6)

[Exploit, Vendor Advisory] https://github.com/trailofbits/fickling/security/advisories/GHSA-q5qq-mvfm-j35x

[Patch] https://github.com/trailofbits/fickling/commit/29d5545e74b07766892c1f0461b801afccee4f91

View Patch ZIP pw:eip

[Patch] https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66

[Patch] https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1

[Patch] https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9

[Release Notes] https://github.com/trailofbits/fickling/releases/tag/v0.1.7

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-184 CWE-502

Status published

Products (2)

pypi/fickling 0 - 0.1.7PyPI

trailofbits/fickling < 0.1.7

Published Jan 10, 2026

Tracked Since Feb 18, 2026