CVE-2026-22612 PUBLISHED

Fickling vulnerable to detection bypass due to "builtins" blindness

Assigner: GitHub_M
Reserved: 07.01.2026 Published: 10.01.2026 Updated: 12.01.2026

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CVSS Score: 8.9

Product Status

Vendor trailofbits
Product fickling
Versions
  • Version < 0.1.7 is affected

References

Problem Types

  • CWE-502: Deserialization of Untrusted Data CWE