Home

Description

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files.

PUBLISHED Reserved 2026-06-20 | Published 2026-07-04 | Updated 2026-07-06 | Assigner VulnCheck




HIGH: 7.6CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version before 0.0.28
affected

0.0.28 (semver)
unaffected

Credits

FredericDT reporter

References

github.com/...lescan/security/advisories/GHSA-4r9r-ch6f-vxmx exploit

github.com/...lescan/security/advisories/GHSA-4r9r-ch6f-vxmx (GitHub Security Advisory (GHSA-4r9r-ch6f-vxmx)) vendor-advisory

www.vulncheck.com/...orch-utils-bottleneck-main-run-cprofile (VulnCheck Advisory: picklescan - Arbitrary Code Execution via torch.utils.bottleneck.__main__.run_cprofile) third-party-advisory

cve.org (CVE-2025-71366)

nvd.nist.gov (CVE-2025-71366)

Download JSON