Loading market data...
← Back to CVE feed

CVE-2025-71370

HIGH CVSS 8.1 View on NVD ↗

Description

picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Published: Jun 23, 2026 13:16 UTC Modified: Jun 23, 2026 14:52 UTC