Back to overview

CVE-2026-14534

HIGH
8.8
CVSS 3.1
Description
Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern.

Metadata

CVE ID
CVE-2026-14534
State
PUBLISHED
Assigner
BombadilSystems
Reserved
2026-07-03 00:02 UTC
Published
2026-07-04 13:25 UTC
Last updated
2026-07-04 13:25 UTC
Primary CWE
CWE-184
CWE-184 Incomplete List of Disallowed Inputs
Vendor / Product
trailofbits / fickling
Sources
cve.org  ·  NVD

Severity & Metrics

8.8 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
trailofbits fickling 0 ≤ 0.1.10, 0.1.11
Weakness (CWE)
CWESourceDescription
CWE-184 cna CWE-184 Incomplete List of Disallowed Inputs
CWE-502 cna CWE-502 Deserialization of Untrusted Data
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.8 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Back to overview