CVE-2026-22612

Published: Jan 10, 2026Modified: Jan 16, 2026

8.9

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security-advisories@github.com (Secondary)

Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

Affected (1)

Products: Trailofbits: Fickling

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trailofbits Fickling	Before 0.1.7

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf

Source: security-advisories@github.com

Patch

https://github.com/trailofbits/fickling/releases/tag/v0.1.7

Source: security-advisories@github.com

Release Notes

https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63

Source: security-advisories@github.com

Vendor Advisory

https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Vendor Advisory

Timeline

No history available yet.