picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch | Advisories

Advisories

picklescan - Scanning Bypass via Dynamic Eval in scan_pytorch

severity: high
date: 6/17/2026
Affecting: picklescan >= 0, < 1.0.3
CVE: CVE-2026-53875
CWE: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVSS: 7.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References: GHSA Advisory GHSA-97f8-7cmv-76j2
https://github.com/mmaitre314/picklescan/commit/2a8383cfeb4158567f9770d86597300c9e508d0f
https://github.com/mmaitre314/picklescan/commit/134179474539648ba7dee1317959529fbd0e7f89
Credit: zpbrent
Description: picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load().

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo