CVE-2026-56304
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
Picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts.
Risk Assessment
Organizations may be exposed to attacks leading to denial of service or application disruption. The potential creation of unauthorized files could affect system integrity.
Recommendation
It is recommended to upgrade to version 1.0.1 or later to mitigate this vulnerability. Additionally, conducting a security audit of applications using picklescan is advisable.
Original NVD description (English source)
picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create lock files or other filesystem artifacts, potentially causing denial of service or application disruption.

