CVE-2026-53872
HighCVSS 7.5Summary
Picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen.
Risk Assessment
Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.
Recommendation
It is recommended to update picklescan to version 0.0.35 or later to mitigate this vulnerability.
Original NVD description (English source)
picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to external servers.

