Picklescan Unsafe Deserialization Code Execution Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-53874

A deserialization vulnerability in picklescan allows unauthenticated code execution via crafted pickle files. This could enable attackers to run arbitrary code when the tool loads malicious data from untrusted sources. Security leaders should verify if this tool is used and processes external data.

Deserialization

Halo Surface Signal

Unlikely · external exposure

Picklescan is a developer-oriented security utility used for scanning files, typically integrated into build pipelines, local development environments, or offline security analysis workflows. While it processes data, it is not a network service, gateway, or internet-facing appliance, making public internet exposure in normal deployment patterns uncommon.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory addresses a vulnerability in a utility that scans files, specifically related to how it handles data from untrusted sources. If loaded with specially crafted data, it could allow code to be executed without authentication. The primary concern for leadership is to confirm if this specific tool is in use within the organization and if it processes external data.

  • Malicious code can hide in files.
  • Unauthenticated code execution is possible.
  • Confirm tool usage and data exposure.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker could exploit this vulnerability by sending a specially crafted pickle file to a system running picklescan. This file, when loaded by the vulnerable component, could trigger the execution of arbitrary code. The vulnerability lies in how picklescan handles deserialization, allowing for hidden malicious commands.

  • No authentication required.
  • Loading a malicious pickle file.
  • Arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

Unauthenticated users could execute arbitrary code by loading specially crafted pickle files. This could occur when the application processes pickle files from untrusted sources, potentially leading to unauthorized code execution on the system.

  • Arbitrary code execution.
  • Loading untrusted pickle files.
  • System compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

The "picklescan" utility, when used to load untrusted pickle files, presents a critical risk of arbitrary code execution. Owners of development pipelines, build systems, or security scanning environments that incorporate "picklescan" should prioritize identifying instances of this tool, verifying if they process external data, and assessing the potential impact before planning remediation.

  • Application or security tool owners
  • Verify external data processing
  • Plan controlled remediation

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-53874 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This CVE involves unsafe deserialization allowing unauthenticated remote code execution, which would cause a PCI ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Frequently asked questions

What is picklescan?

Picklescan is a security utility designed for developers and security teams to analyze Python pickle files. It is commonly integrated into development environments, software build pipelines, or automated workflows to detect potentially malicious content hidden within serialized data files before they are loaded by an application.

What does CVE-2026-53874 mean?

This vulnerability is an instance of Unsafe Deserialization (CWE-502). It occurs because the software fails to properly validate data before processing it. By hiding malicious commands within a pickle file, an attacker can trick the tool into running arbitrary code on the underlying system during the scanning process.

How does an attacker trigger this vulnerability?

An attacker triggers the bug by providing a specially crafted, malicious pickle file to the scanner. The vulnerability is specifically activated when the software attempts to parse this file. Simply having the utility installed does not trigger the issue; the flaw requires the tool to actively process or load data from an untrusted source.

Is my system at risk?

According to Halo Surface Signal, this software is typically used as a developer utility rather than a network-facing service, making direct internet exposure uncommon. However, you should evaluate if your internal build systems or automated pipelines are configured to scan pickle files that originate from untrusted or external locations.

What are the first steps to address this?

Begin by auditing your development and build environments to identify where picklescan is currently deployed. Determine if these instances are used to process files from external or untrusted sources. If so, prioritize restricting the input to trusted files only while you plan for an update to a version beyond 1.0.1.
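
The first audit step above, as an added example (not code from Halo or the picklescan project): it flags picklescan entries in a requirements file and checks the copy installed in the current interpreter. It assumes, from the advisory's wording "a version beyond 1.0.1", that 1.0.1 and earlier need updating; the sample requirements text and the `picklescan-helper` package name are constructed.

```python
import re
from importlib import metadata

# Assumption taken from the advisory's wording ("a version beyond 1.0.1"):
# 1.0.1 and everything before it is treated as needing an update.
LAST_AFFECTED = (1, 0, 1)
REQ = re.compile(
    r"^\s*picklescan(?![\w.-])\s*(?:\[[^\]]*\])?\s*(===|[=~<>!]=?)?\s*([\d.]+)?",
    re.I,
)

def as_tuple(version):
    """'1.0' -> (1, 0, 0). Pre/post-release suffixes are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(version):
    return "update" if as_tuple(version) <= LAST_AFFECTED else "ok"

def audit_requirements(text):
    """Return (line_number, verdict) for each picklescan entry in a requirements file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = REQ.match(raw.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        operator, version = match.groups()
        if operator == "==" and version:
            findings.append((number, classify(version)))
        else:
            # Unpinned or ranged: the resolver may still pick an old release.
            findings.append((number, "review"))
    return findings

def installed_status():
    """Verdict for the picklescan in the current interpreter, if any."""
    try:
        return classify(metadata.version("picklescan"))
    except metadata.PackageNotFoundError:
        return "not installed"

# Constructed sample input, not taken from any real project.
SAMPLE = """\
torch==2.3.0
picklescan==0.0.26   # pinned long ago
picklescan-helper==9.9   # hypothetical unrelated package, must not match
picklescan>=0.0.20
picklescan==1.0.2
"""

if __name__ == "__main__":
    print(audit_requirements(SAMPLE), installed_status())
```

Run it inside each build image or virtual environment you audit, since `installed_status()` only sees the interpreter it runs under.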
