Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 5 (Critical 0, High 5, Medium 0). Showing 1-5 of 5 records.
Threat Entry Updated 2026-01-16

CVE-2026-22612 - Fickling Plugin

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to a detection bypass caused by "builtins" blindness. This issue has been patched in version 0.1.7.

Plugin: Fickling | CVE-2026-22612 | Severity HIGH | CVSS 8.9 | 2026-01-10
Threat Entry Updated 2026-01-16

CVE-2026-22609 - Fickling Plugin

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling's primary static safety checks. This issue has been patched in version 0.1.7.

Plugin: Fickling | CVE-2026-22609 | Severity HIGH | CVSS 8.9 | 2026-01-10
Threat Entry Updated 2026-01-16

CVE-2026-22608 - Fickling Plugin

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, neither the ctypes module nor the pydoc module is explicitly blocked. Other existing pickle scanning tools (such as picklescan) also do not block pydoc.locate. Chaining the two can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7.

Plugin: Fickling | CVE-2026-22608 | Severity HIGH | CVSS 8.9 | 2026-01-10
Threat Entry Updated 2026-01-16

CVE-2026-22607 - Fickling Plugin

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in…

Plugin: Fickling | CVE-2026-22607 | Severity HIGH | CVSS 8.9 | 2026-01-10
Threat Entry Updated 2026-01-16

CVE-2026-22606 - Fickling Plugin

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling’s output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been…

Plugin: Fickling | CVE-2026-22606 | Severity HIGH | CVSS 8.9 | 2026-01-10
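The five entries above share one failure mode: a static pickle scanner decides by looking at which modules a pickle imports and comparing them against a denylist, so any dangerous module missing from that list (runpy, cProfile, pydoc, ctypes) is a complete bypass. The following is an added example, not Fickling's code and not taken from the advisories: a minimal opcode-level import scanner in Python that disassembles pickles with pickletools and classifies them against a denylist. The two denylists, the Gadget helper, the dummy paths and the sample pickles are all constructed for illustration; the three verdict labels borrow the advisories' vocabulary, but the toy logic only models the denylist lookup, so its verdicts do not reproduce Fickling's exactly. Nothing here calls pickle.loads(), so the gadgets are never executed.

```python
"""Added example (not Fickling's code): a minimal opcode-level pickle import
scanner that shows why a gap in a module denylist is a full bypass.

Pickles are built with pickle.dumps() and disassembled with pickletools;
nothing here calls pickle.loads(), so the gadgets never run."""
import pickle
import pickletools
import runpy
import cProfile
import pydoc

# Hypothetical denylists. OLD deliberately omits the four modules the
# advisories name; it is an assumption for illustration, not Fickling's
# real pre-0.1.7 list.
OLD_DENYLIST = {"os", "posix", "nt", "subprocess", "sys", "builtins"}
NEW_DENYLIST = OLD_DENYLIST | {"runpy", "cProfile", "pydoc", "ctypes"}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def pickled_imports(data: bytes) -> set[str]:
    """Collect 'module.name' for every GLOBAL / STACK_GLOBAL opcode.

    GLOBAL (protocol <= 3) carries 'module name' inline. STACK_GLOBAL
    (protocol 4+) pops the name and module strings pushed just before it,
    so string pushes are remembered. Simplification: a production scanner
    must also model the memo (BINGET) and the full value stack."""
    strings: list[str] = []
    found: set[str] = set()
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.add(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            name, module = strings.pop(), strings.pop()
            found.add(f"{module}.{name}")
    return found


def classify(data: bytes, denylist: set[str]) -> str:
    """Toy verdict using the three labels the advisories mention.

    OVERTLY_MALICIOUS: an import from a denylisted module.
    SUSPICIOUS: imports present, none denylisted.
    LIKELY_SAFE: no imports at all.
    Real Fickling verdicts are richer; this models only the denylist check."""
    imports = pickled_imports(data)
    if any(ref.split(".", 1)[0] in denylist for ref in imports):
        return "OVERTLY_MALICIOUS"
    return "SUSPICIOUS" if imports else "LIKELY_SAFE"


class Gadget:
    """Object whose pickle REDUCEs to func(*args) at load time.

    __call__ exists only so pickle accepts a Gadget as the callable of an
    outer Gadget (the pydoc.locate chain); it is never invoked here."""
    def __init__(self, func, args):
        self.func, self.args = func, args

    def __reduce__(self):
        return (self.func, self.args)

    def __call__(self, *args):
        raise RuntimeError("not meant to run")


def build_samples() -> dict[str, bytes]:
    """Constructed sample pickles mirroring the advisories. Paths are dummies."""
    return {
        "runpy_p2": pickle.dumps(Gadget(runpy.run_path, ("/tmp/payload.py",)), protocol=2),
        "runpy_p4": pickle.dumps(Gadget(runpy.run_path, ("/tmp/payload.py",)), protocol=4),
        "cprofile": pickle.dumps(Gadget(cProfile.run, ("import os",)), protocol=4),
        # pydoc.locate("ctypes.CDLL") resolves the class from a dotted string,
        # then the outer REDUCE calls it. The scanner sees only pydoc.locate
        # as an import; 'ctypes.CDLL' travels as plain string data.
        "pydoc_chain": pickle.dumps(
            Gadget(Gadget(pydoc.locate, ("ctypes.CDLL",)), ("libc.so.6",)), protocol=4),
        "benign": pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4),
    }


def verdicts(denylist: set[str]) -> dict[str, str]:
    """Verdict per sample for a given denylist."""
    return {name: classify(data, denylist) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:12} imports={sorted(pickled_imports(data))} "
              f"old={classify(data, OLD_DENYLIST):18} new={classify(data, NEW_DENYLIST)}")
```

Running it prints one line per sample. Two things to notice: the same bytes move from SUSPICIOUS to OVERTLY_MALICIOUS purely because four module names were added to the list, which is exactly the class of fix the 0.1.7 release describes, and the pydoc chain's real target ("ctypes.CDLL") is invisible to an import-based scan because it is an argument string, not an import. A scanner verdict is only as complete as its denylist, so it should be treated as defense in depth rather than as the sole gate before deserializing untrusted pickles.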