Home

Description

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.

PUBLISHED Reserved 2026-06-20 | Published 2026-07-04 | Updated 2026-07-06 | Assigner VulnCheck




HIGH: 7.6CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version before 0.0.29
affected

0.0.29 (semver)
unaffected

Credits

FredericDT reporter

References

github.com/...lescan/security/advisories/GHSA-f54q-57x4-jg88 exploit

github.com/...lescan/security/advisories/GHSA-f54q-57x4-jg88 (GitHub Security Advisory (GHSA-f54q-57x4-jg88)) vendor-advisory

www.vulncheck.com/...via-lib2to3-pgen2-grammar-grammar-loads (VulnCheck Advisory: picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads) third-party-advisory

cve.org (CVE-2025-71359)

nvd.nist.gov (CVE-2025-71359)

Download JSON