CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22606

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling’s output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.9%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2026-22606

Trailofbits » Fickling » Version: 0.0.1

cpe:2.3:a:trailofbits:fickling:0.0.1
Trailofbits » Fickling » Version: 0.0.2

cpe:2.3:a:trailofbits:fickling:0.0.2
Trailofbits » Fickling » Version: 0.0.3

cpe:2.3:a:trailofbits:fickling:0.0.3
Trailofbits » Fickling » Version: 0.0.4

cpe:2.3:a:trailofbits:fickling:0.0.4
Trailofbits » Fickling » Version: 0.0.5

cpe:2.3:a:trailofbits:fickling:0.0.5
Trailofbits » Fickling » Version: 0.0.6

cpe:2.3:a:trailofbits:fickling:0.0.6
Trailofbits » Fickling » Version: 0.0.7

cpe:2.3:a:trailofbits:fickling:0.0.7
Trailofbits » Fickling » Version: 0.0.8

cpe:2.3:a:trailofbits:fickling:0.0.8
Trailofbits » Fickling » Version: 0.1.0

cpe:2.3:a:trailofbits:fickling:0.1.0
Trailofbits » Fickling » Version: 0.1.1

cpe:2.3:a:trailofbits:fickling:0.1.1
Trailofbits » Fickling » Version: 0.1.2

cpe:2.3:a:trailofbits:fickling:0.1.2
Trailofbits » Fickling » Version: 0.1.3

cpe:2.3:a:trailofbits:fickling:0.1.3
Trailofbits » Fickling » Version: 0.1.4

cpe:2.3:a:trailofbits:fickling:0.1.4
Trailofbits » Fickling » Version: 0.1.5

cpe:2.3:a:trailofbits:fickling:0.1.5
Trailofbits » Fickling » Version: 0.1.6

cpe:2.3:a:trailofbits:fickling:0.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22606

Products

Pricing

Contact Us