CVE-2026-3490

CRITICAL

picklescan - Universal Blocklist Bypass via pkgutil.resolve_name

Title source: cna
STIX 2.1

Description

picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GHSA Advisory GHSA-vvpj-8cmc-gx39
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39
Third Party Advisory third-party-advisory
VulnCheck Advisory: picklescan - Universal Blocklist Bypass via pkgutil.resolve_name
https://www.vulncheck.com/advisories/picklescan-universal-blocklist-bypass-via-pkgutil-resolve-name

Scores

CVSS v3 10.0
EPSS 0.0062
EPSS Percentile 45.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-183
Status published
Products (3)
picklescan/picklescan < 1.0.4
picklescan/picklescan 1.0.4
pypi/picklescan 0 - 1.0.4PyPI
Published Jun 17, 2026
Tracked Since Jun 17, 2026