CVE-2026-3490
CRITICALpicklescan - Universal Blocklist Bypass via pkgutil.resolve_name
Title source: cnaDescription
picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GHSA Advisory GHSA-vvpj-8cmc-gx39
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39
Third Party Advisory third-party-advisory
VulnCheck Advisory: picklescan - Universal Blocklist Bypass via pkgutil.resolve_name
https://www.vulncheck.com/advisories/picklescan-universal-blocklist-bypass-via-pkgutil-resolve-name
Scores
CVSS v3
10.0
EPSS
0.0062
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-183
Status
published
Products (3)
picklescan/picklescan
< 1.0.4
picklescan/picklescan
1.0.4
pypi/picklescan
0 - 1.0.4PyPI
Published
Jun 17, 2026
Tracked Since
Jun 17, 2026