Vulnerabilities ›

CVE-2026-22608

High

Fickling Python Pickle Scanner RCE Bypass via ctypes and pydoc Chain (CVE-2026-22608)

CWE-184 — Weakness Type

                    Published: Jan 10, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.

🤖 AI Executive Summary

Fickling Python pickle analyzer versions before 0.1.7 fail to block ctypes and pydoc modules, allowing attackers to chain these for remote code execution while evading safety detection. Organizations using vulnerable versions may unknowingly process malicious pickle files classified as safe.

📄 Description (Arabic)

تحتوي نسخ Fickling السابقة للإصدار 0.1.7 على ثغرة أمان حرجة حيث لا يتم حظر وحدات ctypes و pydoc بشكل صريح. يمكن للمهاجمين ربط هذه الوحدات معاً لتحقيق تنفيذ أوامر بعيدة بينما يبلغ الماسح الضوئي عن الملف كآمن على الأرجح.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 01:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1204.003 T1059.006 T1203

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Fickling to version 0.1.7 or later immediately. Review all pickle file processing workflows and implement additional validation layers. Consider using alternative serialization formats instead of pickle for untrusted data sources.

🔧 خطوات المعالجة (العربية)

قم بترقية Fickling إلى الإصدار 0.1.7 أو أحدث فوراً. راجع جميع سير العمل لمعالجة ملفات pickle وطبق طبقات تحقق إضافية. فكر في استخدام تنسيقات تسلسل بديلة بدلاً من pickle للبيانات غير الموثوقة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.1.1 A.2.1 A.3.1

🔵 SAMA CSF

ID.BE-1 PR.DS-1 PR.DS-2

🟡 ISO 27001:2022

A.12.2.1 A.14.2.1 A.14.2.5

🔗 References & Sources 4

🔗

https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1

security-advisories@github.com

Patch

🔗

https://github.com/trailofbits/fickling/releases/tag/v0.1.7

security-advisories@github.com

Release Notes

🔗

https://github.com/trailofbits/fickling/security/advisories/GHSA-5hvc-6wx8-mvv4

security-advisories@github.com

Vendor Advisory

🔗

https://github.com/trailofbits/fickling/security/advisories/GHSA-5hvc-6wx8-mvv4

134c704f-9b21-4f2e-91b3-4a467353bcc0

Vendor Advisory

📦 Affected Products / CPE 1 entries

trailofbits:fickling

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-184

EPSS0.04%

Exploit No

Patch ✓ Yes

Published 2026-01-10

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-184

🏢 Vendor Advisories

🔗 https://github.com/trailofbits/fickling/security/adv... 🔗 https://github.com/trailofbits/fickling/security/adv...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-22608

💬 Comments

Introduce Yourself

Sign In Required