GHSA-x36p-c636-788xHighCVSS 8.1

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py...

Published
June 23, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded.

🔗 References (4)