CNNVD-202601-1766 Information

CNNVD ID

CNNVD-202601-1766

Related CVE

CVE-2026-22606

• CNNVD Published: 2026-01-10

Description (Chinese)

Fickling是Trail of Bits开源的一个Python的反编译器和静态分析器。 Fickling 0.1.6及之前版本存在代码问题漏洞，该漏洞源于未将runpy模块标记为不安全，可能导致执行攻击者控制的代码。

Description (English)

Pickling is a Python back compiler and static analyser of Trail of Bits open source. Fickling 0.1.6 and previous versions had a code gap, which stemmed from the failure to mark the Runpy module as unsafe and could lead to the implementation of the code controlled by the attackers.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Trail of Bits

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 https://github.com/trailofbits/fickling/security/advisories/GHSA-wfq2-52f7-7qvj

Patch

https://github.com/trailofbits/fickling/releases