CVE-2026-22612 | THREATINT

Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

PUBLISHED Reserved 2026-01-07 | Published 2026-01-10 | Updated 2026-01-12 | Assigner GitHub_M

HIGH: 8.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

< 0.1.7

affected

References

github.com/...ckling/security/advisories/GHSA-h4rm-mm56-xf63 exploit

github.com/...ckling/security/advisories/GHSA-h4rm-mm56-xf63

github.com/...ommit/9f309ab834797f280cb5143a2f6f987579fa7cdf

github.com/trailofbits/fickling/releases/tag/v0.1.7

cve.org (CVE-2026-22612)

nvd.nist.gov (CVE-2026-22612)

Download JSON