High severityOSV Advisory· Published Jan 10, 2026· Updated Jan 13, 2026

Fickling Blocklist Bypass: cProfile.run()

CVE-2026-22607

Description

Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
ficklingPyPI	< 0.1.7	0.1.7

Affected products

Trailofbits/FicklingOSV
Range: master, v0.0.1, v0.0.2, …

Patches

dc8ae12966ed

Add cProfile to unsafe imports

https://github.com/trailofbits/ficklingThomas ChauchefoinJan 7, 2026via ghsa

commit

2 files changed · +29 −0

fickling/fickle.py+1 −0 modified

@@ -879,6 +879,7 @@ def unsafe_imports(self) -> Iterator[ast.Import | ast.ImportFrom]:
                 "marshal",
                 "types",
                 "runpy",
+                "cProfile",
             ):
                 yield node
             elif "eval" in (n.name for n in node.names):

test/test_bypasses.py+28 −0 modified

@@ -111,3 +111,31 @@ def test_missing_runpy(self):
             res.detailed_results()["AnalysisResult"].get("UnsafeImports"),
             "from runpy import run_path",
         )
+
+    # https://github.com/trailofbits/fickling/security/advisories/GHSA-p523-jq9w-64x9
+    def test_missing_cprofile(self):
+        pickled = Pickled(
+            [
+                op.Proto.create(5),
+                op.Frame(58),
+                op.ShortBinUnicode("cProfile"),
+                op.Memoize(),
+                op.ShortBinUnicode("run"),
+                op.Memoize(),
+                op.StackGlobal(),
+                op.Memoize(),
+                op.ShortBinUnicode("print('CPROFILE_RCE_CONFIRMED')"),
+                op.Memoize(),
+                op.TupleOne(),
+                op.Memoize(),
+                op.Reduce(),
+                op.Memoize(),
+                op.Stop(),
+            ]
+        )
+        res = check_safety(pickled)
+        self.assertGreater(res.severity, Severity.LIKELY_SAFE)
+        self.assertEqual(
+            res.detailed_results()["AnalysisResult"].get("UnsafeImports"),
+            "from cProfile import run",
+        )

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-p523-jq9w-64x9ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-22607ghsaADVISORY
github.com/trailofbits/fickling/blob/977b0769c13537cd96549c12bb537f05464cf09c/test/test_bypasses.pyghsaWEB
github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43ghsax_refsource_MISCWEB
github.com/trailofbits/fickling/pull/108ghsaWEB
github.com/trailofbits/fickling/pull/187ghsaWEB
github.com/trailofbits/fickling/pull/195ghsaWEB
github.com/trailofbits/fickling/releases/tag/v0.1.7ghsax_refsource_MISCWEB
github.com/trailofbits/fickling/security/advisories/GHSA-565g-hwwr-4pp3ghsaWEB
github.com/trailofbits/fickling/security/advisories/GHSA-p523-jq9w-64x9ghsax_refsource_CONFIRMWEB
github.com/trailofbits/fickling/security/advisories/GHSA-r7v6-mfhq-g3m2ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000