picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files.
References
Configurations
No configuration.
History
06 Jul 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/mmaitre314/picklescan/security/advisories/GHSA-4r9r-ch6f-vxmx - |
04 Jul 2026, 02:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-04 02:16
Updated : 2026-07-06 18:19
NVD link : CVE-2025-71366
Mitre link : CVE-2025-71366
CVE.ORG link : CVE-2025-71366
JSON object : View
Products Affected
No product.
CWE
CWE-502
Deserialization of Untrusted Data
