CVE-2026-53873
Status: Received - Intake
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: VulnCheck

Description
picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing attackers to achieve arbitrary code execution via exec(). Attackers can craft malicious pickle files calling profile.run(statement) to execute arbitrary Python code while picklescan reports zero security issues.
Affected Vendors & Products
Vendor: picklescan
Product: picklescan
Version / Range: all versions before 1.0.4 (1.0.4 excluded)
CWE
CWE-184 (Incomplete List of Disallowed Inputs): The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Detection Guidance

This vulnerability involves malicious pickle files that reference the module-level profile.run() function so that loading the file executes arbitrary Python code, while picklescan before 1.0.4 reports no issues because its blocklist for the profile module is incomplete.

Detection has to work on the pickle opcode stream, not on source-level text. A pickle never contains the literal string 'profile.run': in protocols 0 to 3 the reference is a GLOBAL opcode whose module and name sit on separate lines (cprofile\nrun\n), and in protocol 4 and later it is two string constants, 'profile' and 'run', followed by STACK_GLOBAL.

  • Disassemble suspect files with pickletools (pickletools.dis or pickletools.genops), which decodes opcodes without executing the pickle, and flag any GLOBAL or STACK_GLOBAL that resolves into the profile module, whether the name is run, Profile.run or Profile.runctx.
  • For quick triage, grep for the module name rather than the dotted path, e.g. grep -rl --binary-files=text 'profile' /path/to/pickle/files, then review each hit with pickletools; expect false positives, since the string also occurs in ordinary data.
  • At runtime, an audit hook (sys.addaudithook) receives the pickle.find_class event with the module and name of every global a pickle resolves; a hook that logs or raises on module 'profile' will catch a load attempt before REDUCE calls the function. Audit hooks are process-wide and cannot be removed once installed.
  • Never call pickle.load() to "inspect" an untrusted file: that call is what runs the payload. If a file must be opened to confirm its behaviour, do it in a disposable sandbox with no network access and no credentials.
  • Rescan any pickle files that were cleared by picklescan before 1.0.4, since a clean result from those versions does not cover this bypass.
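The following scanner is an added example, not picklescan's own code. It walks the opcode stream with pickletools.genops (which decodes without executing), collects every GLOBAL and STACK_GLOBAL reference, and then applies two checks: an illustrative reconstruction of the incomplete blocklist described above (only Profile.run and Profile.runctx listed, so the module-level run passes an exact-match lookup) and a module-level rule that flags any reference into the profile module regardless of name. The blocklist dicts are assumptions about shape only, not picklescan's data structures; the sample pickles are constructed here from raw opcodes; and treating cProfile like profile goes beyond the page (cProfile.run() is the same exec()-based API).

```python
"""Added example (not picklescan code): static detection of profile.run() references
in pickle files, using pickletools.genops so that nothing in the file is executed.
"""
import pickle
import pickletools

# Opcodes that push a str onto the unpickler stack; STACK_GLOBAL consumes two of them.
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}

# Illustrative blocklists (assumption: shape only, not picklescan's real structure).
# Before 1.0.4: methods of the Profile class are listed, module-level 'run' is not.
INCOMPLETE_BLOCKLIST = {"profile": {"Profile.run", "Profile.runctx"}}
# Fixed form: the module-level function is listed as well.
FIXED_BLOCKLIST = {"profile": {"run", "Profile.run", "Profile.runctx"}}

# Modules whose run()/runctx() pass a statement to exec(). cProfile is an assumption
# beyond the page; it mirrors profile's API.
EXEC_MODULES = {"profile", "cProfile"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) for every global the pickle would resolve on load.

    STACK_GLOBAL is resolved from the two most recent string constants, which is
    how pickle.dumps emits it; a hand-crafted stream that routes those strings
    through the memo (BINGET) would need full stack emulation to follow.
    """
    refs = []
    strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # Protocol 0-3: pickletools joins the two lines as 'module name'.
            module, name = arg.split(" ", 1)
            refs.append((module, name))
        elif opcode.name in STRING_OPCODES:
            strings.append(arg)
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            refs.append((strings[-2], strings[-1]))
    return refs


def blocked_by(blocklist: dict, refs: list) -> list:
    """Exact-match check: a reference is flagged only if its name is listed verbatim."""
    return [(m, n) for m, n in refs if n in blocklist.get(m, set())]


def exec_module_refs(refs: list) -> list:
    """Flag any reference into profile/cProfile, whatever the attribute name."""
    return [(m, n) for m, n in refs if m in EXEC_MODULES]


def scan(data: bytes) -> dict:
    refs = referenced_globals(data)
    return {
        "globals": refs,
        "incomplete_blocklist": blocked_by(INCOMPLETE_BLOCKLIST, refs),
        "fixed_blocklist": blocked_by(FIXED_BLOCKLIST, refs),
        "exec_module_refs": exec_module_refs(refs),
    }


# --- Constructed samples (built from raw opcodes; never passed to pickle.loads) ---

# Protocol 2: GLOBAL profile.run, then the statement, TUPLE1, REDUCE, STOP.
MALICIOUS_P2 = (
    b"\x80\x02"                 # PROTO 2
    b"cprofile\nrun\n"          # GLOBAL: module 'profile', name 'run'
    b"Vprint('executed')\n"     # UNICODE: statement that profile.run() would exec()
    b"\x85"                     # TUPLE1: wrap it as the argument tuple
    b"R"                        # REDUCE: profile.run(statement)
    b"."                        # STOP
)


def _short_binunicode(s: str) -> bytes:
    """Encode a str as a SHORT_BINUNICODE opcode (protocol 4)."""
    raw = s.encode("utf-8")
    return b"\x8c" + bytes([len(raw)]) + raw


# Protocol 4: the same call, with the reference as two strings plus STACK_GLOBAL.
MALICIOUS_P4 = (
    b"\x80\x04"
    + _short_binunicode("profile") + _short_binunicode("run") + b"\x93"  # STACK_GLOBAL
    + _short_binunicode("print('executed')") + b"\x85" + b"R" + b"."
)

# Benign artifact: plain containers and floats, no globals at all.
BENIGN = pickle.dumps({"weights": [0.1, 0.2, 0.3]}, protocol=4)

if __name__ == "__main__":
    for label, blob in (("proto2", MALICIOUS_P2), ("proto4", MALICIOUS_P4), ("benign", BENIGN)):
        print(label, scan(blob))
```

The module-level rule is the more robust check: a legitimate serialized object never needs anything from profile, so flagging the module sidesteps the question of which attribute names a blocklist happens to enumerate.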
Mitigation Strategies

The primary mitigation is to update picklescan to version 1.0.4 or later, where the blocklist for the profile module has been extended to cover the module-level profile.run() function.

Until the update is applied, do not treat a clean picklescan result as permission to load an untrusted pickle file: the scan itself is harmless, but any file it wrongly clears will run its payload the moment it is unpickled.

  • Upgrade picklescan to version 1.0.4 or newer, and rescan artifacts that earlier versions cleared.
  • Restrict or monitor the use of pickle files from untrusted sources.
  • Where untrusted pickles must be loaded, do so in a sandbox or isolated environment (no secrets, no network, disposable filesystem) so that a missed payload cannot reach anything of value.
  • Where the application controls the loading code, prefer an allowlisting Unpickler that overrides find_class and admits only the modules and names the artifact needs; a blocklist such as the one in this CVE is open-ended by nature (CWE-184).
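An allowlisting loader of the kind recommended above, as an added example (it is neither picklescan's code nor code from any project the page describes). find_class is the single chokepoint through which every GLOBAL and STACK_GLOBAL reference passes, so rejecting there stops the payload before REDUCE can call it. The allowlist contents are an assumption for the example (artifacts made of builtin containers plus collections.OrderedDict), and the malicious sample is constructed from raw opcodes.

```python
"""Added example: loading pickles through an allowlisting Unpickler instead of
relying on a blocklist of dangerous globals.
"""
import io
import pickle
from collections import OrderedDict

# (module, name) pairs the application genuinely needs. Assumption for this
# example; a real allowlist is derived from the artifact format in use.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals; anything else is rejected."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        # Raised before the callable is ever obtained, so profile.run is never invoked.
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data: bytes):
    """Deserialize data, admitting only globals in SAFE_GLOBALS."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ("ok", obj) for an admitted pickle or ("rejected", reason) otherwise."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


# Constructed samples. MALICIOUS is a protocol-2 stream that would call
# profile.run("print('executed')") under a plain pickle.loads; nothing here runs it.
MALICIOUS = (
    b"\x80\x02"
    b"cprofile\nrun\n"          # GLOBAL profile.run -> find_class('profile', 'run')
    b"Vprint('executed')\n"     # statement that profile.run() would exec()
    b"\x85R."                   # TUPLE1, REDUCE, STOP
)
# Benign artifact that does need one global (collections.OrderedDict).
BENIGN = pickle.dumps(OrderedDict([("weights", [0.1, 0.2])]), protocol=4)

if __name__ == "__main__":
    print(try_load(BENIGN))
    print(try_load(MALICIOUS))
```

The allowlist fails closed: a new dangerous module or a renamed function needs no update here, whereas a blocklist has to be extended every time a new path to exec() is found.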
Executive Summary

CVE-2026-53873 is a security vulnerability in the picklescan tool in versions before 1.0.4. picklescan's blocklist for the profile module is incomplete: it lists the methods Profile.run and Profile.runctx of the Profile class but not the module-level function profile.run().

The module-level profile.run() passes its statement argument to exec(), so a pickle that references profile.run and calls it with a string executes arbitrary Python code on load, while picklescan incorrectly reports zero security issues.

The root cause is that the blocklist check compares the referenced name exactly against the listed entries, so the module-level name 'run' does not match the listed 'Profile.run' and the reference passes.

Impact Analysis

This vulnerability allows an attacker who can supply a pickle file to execute arbitrary Python code on any host that unpickles the file after picklescan (before 1.0.4) has cleared it. No privileges on the target are required; the only precondition is that the target loads the file.

The payload runs with the privileges of the process performing the load, so in a model-loading pipeline, notebook or CI job it can reach whatever that process can, potentially leading to full compromise of the system.

Because picklescan reports no security issues for such files, the scan gives a false sense of security and the exploitation may go undetected.
