CVE-2026-56304
Received Received - Intake
Unsafe Pickle Deserialization in Picklescan

Publication date: 2026-06-20

Last updated on: 2026-06-20

Assigner: VulnCheck

Description
picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-20
Last Modified
2026-06-20
Generated
2026-06-20
AI Q&A
2026-06-20
EPSS Evaluated
N/A
NVD
CVE-2026-56304
EUVD
EUVD-2026-38123
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-56304 is a vulnerability in the picklescan package versions before 1.0.1 that involves unsafe pickle deserialization.

This flaw allows unauthenticated attackers to create arbitrary zero-byte files on the server by exploiting the logging.FileHandler class from Python's standard library.

Attackers craft malicious pickle payloads that bypass Remote Code Execution (RCE) blocklists and cause the creation of empty files, such as lock files, which can disrupt application logic or cause denial of service.

Impact Analysis

The vulnerability can lead to the creation of arbitrary zero-byte files anywhere on the filesystem where the application has write permissions.

This can cause filesystem pollution or logic disruption, for example by creating lock files that prevent the application from starting.

As a result, it may cause denial of service (DoS) or application disruption, impacting availability and reliability.

Detection Guidance

This vulnerability involves the creation of arbitrary zero-byte files via unsafe pickle deserialization using the logging.FileHandler class. Detection can focus on identifying unexpected zero-byte files or lock files created in the filesystem, which may indicate exploitation attempts.

You can search for zero-byte files or suspicious lock files in directories used by the picklescan application or related services. For example, on a Unix-like system, you might use commands like:

  • find /path/to/application -type f -size 0
  • find /path/to/application -name '*.lock'

Additionally, monitoring logs for unusual pickle deserialization attempts or unexpected instantiations of logging.FileHandler objects could help detect exploitation, but specific commands for this are not provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade the picklescan package to version 1.0.1 or later, where this unsafe pickle deserialization vulnerability has been fixed.

Until an upgrade can be applied, consider restricting or monitoring the use of pickle deserialization in your environment, especially where untrusted data might be processed.

Also, monitor and clean up any zero-byte files or lock files created by exploitation attempts to prevent denial of service or application disruption.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-56304 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56304. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart