CVE-2026-53874: picklescan - Arbitrary Code Execution via Obfuscated eval Call

Synopsis

An arbitrary code execution vulnerability exists in picklescan, a tool used to detect malicious pickle files. The flaw is reachable over the network, requires no authentication, and no victim interaction, based on the CVSS v4.0 vector (AV:N/PR:N/UI:N). An attacker can craft a pickle file that embeds obfuscated eval calls nested under callable objects via getattr, bypassing picklescan's detection and executing arbitrary code when the file is loaded. A patched-image rebuild at version 1.0.1 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Exploit Conditions

• Network reachabilityRequired

  The attacker must be able to deliver a crafted pickle file to the target service over the network, exposing any internet-accessible or network-reachable endpoint that loads pickle input.

• AuthenticationNot required

  No credentials or session tokens are needed; the attack can be triggered by any unauthenticated party who can supply a pickle file to the affected application.

• Victim interactionNot required

  Exploitation is automatic upon the application loading the malicious pickle file; no user click, approval, or other interaction is required.

• Attack complexityDetail

  The exploit is reliable and condition-free: no race conditions, specific memory layouts, or environmental prerequisites are needed to trigger code execution.

Blast Radius

• Executes arbitrary OS commands or spawns processes under the identity of the service loading the pickle file.
• Reads any files, environment variables, or secrets accessible to that process, including API keys and credentials mounted in the container.
• Writes or overwrites files on the container filesystem, enabling persistent backdoor installation or data corruption.
• Crashes or degrades the affected service by consuming resources or corrupting application state.