{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53873", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-10T21:23:54.283Z", "datePublished": "2026-06-17T15:05:02.886Z", "dateUpdated": "2026-06-17T18:12:06.841Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-17T15:05:02.886Z"}, "datePublic": "2026-03-02T00:00:00.000Z", "title": "picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass", "descriptions": [{"lang": "en", "value": "picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incomplete List of Disallowed Inputs", "cweId": "CWE-184", "type": "CWE"}]}], "affected": [{"vendor": "picklescan", "product": "picklescan", "defaultStatus": "unaffected", "packageURL": "pkg:pypi/picklescan", "versions": [{"version": "0", "status": "affected", "versionType": "semver", "lessThan": "1.0.4"}, {"version": "1.0.4", "status": "unaffected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.4"}]}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL"}}, {"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh", "name": "GHSA Advisory GHSA-7wx9-6375-f5wh", "tags": ["vendor-advisory"]}, {"name": "VulnCheck Advisory: picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-profile-run-blocklist-bypass"}], "credits": [{"lang": "en", "value": "yash2998chhabria", "type": "reporter"}], "x_generator": {"engine": "vulncheck-endgame"}}, "adp": [{"references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T17:59:00.556527Z", "id": "CVE-2026-53873", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T18:12:06.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-53873", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-17T17:59:00.556527Z"}}}], "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T18:00:07.769Z"}}], "cna": {"title": "picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass", "credits": [{"lang": "en", "type": "reporter", "value": "yash2998chhabria"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "picklescan", "product": "picklescan", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.4", "versionType": "semver"}, {"status": "unaffected", "version": "1.0.4", "versionType": "semver"}], "packageURL": "pkg:pypi/picklescan", "defaultStatus": "unaffected"}], "datePublic": "2026-03-02T00:00:00.000Z", "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-7wx9-6375-f5wh", "name": "GHSA Advisory GHSA-7wx9-6375-f5wh", "tags": ["vendor-advisory"]}, {"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-profile-run-blocklist-bypass", "name": "VulnCheck Advisory: picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck-endgame"}, "descriptions": [{"lang": "en", "value": "picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "Incomplete List of Disallowed Inputs"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.0.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-17T15:05:02.886Z"}}}, "cveMetadata": {"cveId": "CVE-2026-53873", "state": "PUBLISHED", "dateUpdated": "2026-06-17T18:12:06.841Z", "dateReserved": "2026-06-10T21:23:54.283Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-17T15:05:02.886Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{}