CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r	Exploit Vendor Advisory
https://www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*

History

23 Jun 2026, 17:47

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mmaitre314:picklescan::::::::
References	~~() https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r -~~	() https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r - Exploit, Vendor Advisory
References	~~() https://www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization -~~	() https://www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization - Third Party Advisory
First Time		Mmaitre314 picklescan Mmaitre314

20 Jun 2026, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-20 16:17

Updated : 2026-06-23 17:47

NVD link : CVE-2026-56304

Mitre link : CVE-2026-56304

CVE.ORG link : CVE-2026-56304

JSON object : View

Products Affected

mmaitre314

picklescan

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2026-56304", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "disclosure@vulncheck.com", "affectedData": [{"vendor": "picklescan", "product": "picklescan", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.1", "versionType": "semver"}, {"status": "unaffected", "version": "1.0.1", "versionType": "semver"}], "packageURL": "pkg:pypi/picklescan", "defaultStatus": "unaffected"}]}], "published": "2026-06-20T16:17:05.463", "references": [{"url": "https://github.com/mmaitre314/picklescan/security/advisories/GHSA-m7j5-r2p5-c39r", "tags": ["Exploit", "Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/picklescan-arbitrary-file-creation-via-logging-filehandler-deserialization", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption."}], "lastModified": "2026-06-23T17:47:10.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mmaitre314:picklescan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F65EDFF-7FD0-49A8-9B9F-3D72E931CE82", "versionEndExcluding": "1.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}