CVE-2026-53875
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| picklescan | picklescan | 0 < 1.0.3 | affected |
| picklescan | picklescan | 1.0.3 | unaffected |
Weaknesses
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://github.com/mmaitre314/picklescan/security/advisories/GHSA-97f8-7cmv-76j2
- https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f
- https://github.com/mmaitre314/picklescan/commit/134179474539648ba7dee1317959529fbd0e7f89
- https://www.vulncheck.com/advisories/picklescan-scanning-bypass-via-dynamic-eval-in-scan-pytorch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.