CVE-2026-22607 - Fickling Blocklist Bypass: cProfile.run() - Guide

CVE ID: CVE-2026-22607
Published: Jan. 10, 2026, 2:15 a.m.

Description: Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling's output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7.

Severity: 8.9 | HIGH
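
The misclassification described above is the general failure mode of blocklist-based pickle gates: a module missing from the list passes. The following added example (not Fickling's code and not part of the advisory) uses only the standard library's pickletools to list a pickle's imports without loading it, and compares a blocklist that omits cProfile with an allowlist; the policy sets and sample pickles are constructed assumptions.

```python
import collections
import pickle
import pickletools

# Constructed samples. They are only scanned, never passed to pickle.loads().
SAMPLE_CPROFILE = b"ccProfile\nrun\n."  # bare reference to cProfile.run
SAMPLE_PLAIN = pickle.dumps({"epochs": 3, "lr": 0.01}, protocol=4)
SAMPLE_ORDERED = pickle.dumps(collections.OrderedDict(a=1), protocol=4)

# Hypothetical policies (assumptions for this example, not Fickling's lists).
BLOCKLIST = {"os", "posix", "nt", "subprocess", "builtins", "sys"}
ALLOWLIST = {("collections", "OrderedDict")}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def imported_globals(data):
    """List the (module, name) pairs a pickle would import, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Operands come from the stack; resolve them only when the two
            # pushes directly before this opcode were string literals.
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
            strings = []
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name != "MEMOIZE":  # MEMOIZE leaves the stack unchanged
            strings = []
    return found

def blocklist_gate(data):
    """Accept unless a listed module is imported (the design that misses cProfile)."""
    try:
        return all(m.split(".")[0] not in BLOCKLIST for m, _ in imported_globals(data))
    except Exception:
        return False

def allowlist_gate(data):
    """Accept only if every import is explicitly approved; fail closed on errors."""
    try:
        return all(g in ALLOWLIST for g in imported_globals(data))
    except Exception:
        return False
```

The blocklist gate accepts the cProfile sample because the module is simply absent from its list, while the allowlist gate rejects it along with anything else it cannot resolve or parse.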

CVE Details

Severity: HIGH
Published: Jan. 10, 2026
Affected Product: Python

Source: Telegram CVE Monitor