{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-3490: picklescan - Universal Blocklist Bypass via pkgutil.resolve_name","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-3490","status":"final","version":"1","initial_release_date":"2026-06-17T15:05:01.522Z","current_release_date":"2026-06-17T15:05:01.522Z","revision_history":[{"date":"2026-06-17T15:05:01.522Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist: a crafted pickle can resolve any dangerous function through pkgutil.resolve_name and invoke it via indirect REDUCE calls, so the file passes the scan as clean. Any blocked function such as os.system, builtins.exec, or subprocess.call can then be invoked when the scanned pickle is deserialized, achieving remote code execution. A clean result from an affected version should not be relied on; rescan with 1.0.4 or later.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-3490 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-3490"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-3490"},{"category":"external","summary":"GHSA Advisory GHSA-vvpj-8cmc-gx39","url":"https://github.com/mmaitre314/picklescan/security/advisories/GHSA-vvpj-8cmc-gx39"},{"category":"external","summary":"VulnCheck Advisory: picklescan - Universal Blocklist Bypass via pkgutil.resolve_name","url":"https://www.vulncheck.com/advisories/picklescan-universal-blocklist-bypass-via-pkgutil-resolve-name"}]},"product_tree":{"branches":[{"category":"vendor","name":"picklescan","branches":[{"category":"product_name","name":"picklescan","branches":[{"category":"product_version_range","name":"<1.0.4","product":{"name":"picklescan picklescan <1.0.4","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:picklescan:picklescan:*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"1.0.4","product":{"name":"picklescan picklescan 1.0.4","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:picklescan:picklescan:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-3490","title":"picklescan - Universal Blocklist Bypass via pkgutil.resolve_name","notes":[{"category":"description","text":"picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist: a crafted pickle can resolve any dangerous function through pkgutil.resolve_name and invoke it via indirect REDUCE calls, so the file passes the scan as clean. Any blocked function such as os.system, builtins.exec, or subprocess.call can then be invoked when the scanned pickle is deserialized, achieving remote code execution. A clean result from an affected version should not be relied on; rescan with 1.0.4 or later.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"],"fixed":["CSAFPID-2"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","baseScore":10,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 1.0.4.","product_ids":["CSAFPID-1"]}]}]}