CVE advisoryCRITICAL
CVE-2026-14535
Trail of Bits Fickling Analysis Bypass Allows Unsafe Imports
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in the fickling analysis tool allows for arbitrary code execution during pickle deserialization by bypassing safety checks. This occurs due to shared state issues between analysis passes, rendering a critical allowlist check inoperative. If reachable, this could permit untrusted pickle data to be proces