Loading market data...
← Back to CVE feed

CVE-2025-71378

HIGH CVSS 8.1 View on NVD ↗

Description

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load().

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Published: Jun 21, 2026 14:16 UTC Modified: Jun 21, 2026 14:16 UTC