CVE-2026-3490 | picklescan before 1.0.4 fails to block pkgutil.resolve_name,… | CVSS 10.0 CRITICAL

Description

picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote code execution.

Metadata

CVE ID: CVE-2026-3490
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-03-03 16:11 UTC
Published: 2026-06-17 15:05 UTC
Last updated: 2026-06-17 15:05 UTC
Primary CWE: CWE-183
Permissive List of Allowed Inputs
Vendor / Product: picklescan / picklescan
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
picklescan	picklescan	—	0 < 1.0.4, 1.0.4

Weakness (CWE)

CWE	Source	Description
CWE-183	cna	Permissive List of Allowed Inputs

CVSS scores (2)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (2)

GHSA Advisory GHSA-vvpj-8cmc-gx39 https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39
VulnCheck Advisory: picklescan - Universal Blocklist Bypass via pkgutil.resolve_name https://www.vulncheck.com/advisories/picklescan-universal-blocklist-bypass-via-pkgutil-resolve-name