CNNVD-202601-1765 Information

Jan 10, 2026 cve

CNNVD ID

CNNVD-202601-1765

CVE-2026-22609

  • CNNVD Published: 2026-01-10

Description (Chinese)

Fickling是Trail of Bits开源的一个Python的反编译器和静态分析器。 Fickling 0.1.7之前版本存在代码问题漏洞,该漏洞源于静态分析器未能标记高风险模块,可能导致绕过安全检查并执行任意代码。

Description (English)

Pickling is a Python back compiler and static analyser of Trail of Bits open source. There was a code problem gap in the previous version of Pickling 0.1.7, which stemmed from the static analyser ’ s failure to mark high-risk modules, which could lead to the circumvention of security checks and the implementation of arbitrary codes.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Trail of Bits

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/trailofbits/fickling/commit/29d5545e74b07766892c1f0461b801afccee4f91 https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66 https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1 https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 https://github.com/trailofbits/fickling/security/advisories/GHSA-q5qq-mvfm-j35x

Patch

https://github.com/trailofbits/fickling/releases

Share on: