{"id":"PYSEC-2026-245","details":"picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply chain attacks.","aliases":["CVE-2025-71348","GHSA-vv6j-3g6g-2pvj"],"modified":"2026-06-27T11:15:05.178767737Z","published":"2026-06-21T14:16:22.750Z","references":[{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/picklescan-arbitrary-code-execution-via-torch-utils-config-module-load-config-bypass"},{"type":"EVIDENCE","url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vv6j-3g6g-2pvj"}],"affected":[{"package":{"name":"picklescan","ecosystem":"PyPI","purl":"pkg:pypi/picklescan"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.0.28"}]}],"versions":["0.0.1","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.19","0.0.2","0.0.20","0.0.21","0.0.22","0.0.23","0.0.24","0.0.25","0.0.26","0.0.27","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7","0.0.8","0.0.9"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/picklescan/PYSEC-2026-245.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}