CVE Catalog

CVE-2026-56304

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile — higher than 20% of all known CVEs

Summary

Picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts.

Risk Assessment

Organizations may be exposed to attacks leading to denial of service or application disruption. The potential creation of unauthorized files could affect system integrity.

Recommendation

It is recommended to upgrade to version 1.0.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of applications using picklescan is advisable.

Original NVD description (English source)

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS