GHSA-mhc9-48gj-9gp3: Fickling has safety check bypass via REDUCE+BUILD opcode sequence
mediumvulnerability
security
Source: GitHub Advisory DatabaseFebruary 25, 2026
Summary
Fickling (a Python library for analyzing pickle files, a Python serialization format) has a safety bypass where dangerous operations like network connections and file access are falsely marked as safe when certain opcodes (REDUCE and BUILD, which are pickle instructions) appear in sequence. Attackers can add a simple BUILD opcode to any malicious pickle to evade all five of fickling's safety detection methods.
Solution / Mitigation
Potentially unsafe modules have been added to a blocklist in https://github.com/trailofbits/fickling/commit/0c4558d950daf70e134090573450ddcedaf10400.
Classification
Attack Type
Model Poisoning
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Affected Vendors
Affected Packages
fickling@<= 0.1.7 (fixed: 0.1.8)
Related Issues
Original source: https://github.com/advisories/GHSA-mhc9-48gj-9gp3
First tracked: February 25, 2026 at 11:00 AM
Classified by LLM (prompt v3) · confidence: 85%