{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22612", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-07T21:50:39.534Z", "datePublished": "2026-01-10T01:35:25.197Z", "dateUpdated": "2026-01-12T18:18:29.466Z"}, "containers": {"cna": {"title": "Fickling vulnerable to detection bypass due to \"builtins\" blindness", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63"}, {"name": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf", "tags": ["x_refsource_MISC"], "url": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf"}, {"name": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7"}], "affected": [{"vendor": "trailofbits", "product": "fickling", "versions": [{"version": "< 0.1.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T01:35:25.197Z"}, "descriptions": [{"lang": "en", "value": "Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to \"builtins\" blindness. This issue has been patched in version 0.1.7."}], "source": {"advisory": "GHSA-h4rm-mm56-xf63", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T18:18:26.699622Z", "id": "CVE-2026-22612", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T18:18:29.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22612", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-12T18:18:26.699622Z"}}}], "references": [{"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T18:18:14.299Z"}}], "cna": {"title": "Fickling vulnerable to detection bypass due to \"builtins\" blindness", "source": {"advisory": "GHSA-h4rm-mm56-xf63", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "trailofbits", "product": "fickling", "versions": [{"status": "affected", "version": "< 0.1.7"}]}], "references": [{"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63", "name": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf", "name": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7", "name": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to \"builtins\" blindness. This issue has been patched in version 0.1.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T01:35:25.197Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22612", "state": "PUBLISHED", "dateUpdated": "2026-01-12T18:18:29.466Z", "dateReserved": "2026-01-07T21:50:39.534Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-10T01:35:25.197Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trailofbits:fickling:*:*:*:*:*:python:*:*", "matchCriteriaId": "0D11EA35-A440-4468-BC69-709AA3A18DD9", "versionEndExcluding": "0.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to \"builtins\" blindness. This issue has been patched in version 0.1.7."}], "id": "CVE-2026-22612", "lastModified": "2026-01-16T18:56:30.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-10T02:15:50.187", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.7"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"], "url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:15:29.908808+00:00", "value": {"mitigation_remediation": ["Upgrade to Fickling 0.1.7 or later.", "Restrict Fickling to handle only trusted pickle files.", "Sanitize the execution environment by running Fickling as a non\u2011privileged user and inside a sandbox."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary Code Execution"}, "threat_synthesis": {"affected_systems": "TrailofBits' Fickling tool is affected, specifically all releases prior to version 0.1.7. Users of any earlier version of Fickling should be aware that the builtins blindness issue could be exploited when processing untrusted pickle data.", "description_and_impact": "Fickling, a Python pickling decompiler and static analyzer, contains a builtins blindness flaw that allows an attacker to bypass detection mechanisms. This flaw permits the execution of arbitrary code through improperly deserialized pickles. The vulnerability is classified as CWE-502, which describes deserialization of untrusted data leading to unintended code execution.", "risk_and_exploitability": "The CVSS score of 8.9 highlights high severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation, yet the flaw remains dangerous because it could lead to code execution when Fickling processes external data. The vulnerability is not listed in the CISA KEV catalog. A likely attack vector is local execution by an attacker who supplies or modifies pickle files that Fickling will analyze."}}}}, "created": "2026-01-12T14:36:43.935193+00:00", "updated": "2026-04-18T07:30:36.017178+00:00", "vendors": ["trailofbits", "trailofbits$PRODUCT$fickling"]}