CVE-2026-22612: Fickling vulnerable to detection bypass due to "builtins" blindness
Fickling works in stages: pickle bytecode -> AST -> security analysis. However, while going from bytecode to AST, some import nodes (those whose module is one of the builtins module names) are removed, which blinds the security analysis to anything imported through them.
fickling/fickling/fickle.py (vulnerable version; the rest of the method is not shown on this page):

```python
def run(self, interpreter: Interpreter):
    module, attr = self.module, self.attr
    # Imports from these modules are treated specially here and never reach
    # the AST, so the security analysis cannot see them.
    if module in ("__builtin__", "__builtins__", "builtins"):
```
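As an added example (not fickling's own code), a minimal opcode-level auditor that records every global reference, including those from the builtins module, instead of dropping them; the deny-list and the sample pickle are constructed for illustration only.

```python
"""Minimal pickle import auditor (added example, not part of fickling).

It walks the opcode stream with pickletools.genops and records EVERY
GLOBAL / STACK_GLOBAL reference, so a reference such as builtins.eval
is reported rather than silently discarded.
"""
import pickle
import pickletools

# Constructed deny-list for this example; a real policy is richer.
BUILTIN_MODULES = {"__builtin__", "__builtins__", "builtins"}
DANGEROUS_NAMES = {"eval", "exec", "compile", "open", "getattr", "__import__"}


def collect_globals(data: bytes) -> list[tuple[str, str]]:
    """Return (module, name) for each GLOBAL / STACK_GLOBAL opcode in data."""
    found: list[tuple[str, str]] = []
    recent_strings: list[str] = []  # string operands pushed so far (STACK_GLOBAL)
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocols 0-3: operand is "module name" on one line
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two most recently pushed strings
            if len(recent_strings) < 2:
                raise ValueError("STACK_GLOBAL without two preceding strings")
            found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


def flag_unsafe(data: bytes) -> list[str]:
    """Dotted names of every builtins-module reference to a dangerous callable."""
    return [
        f"{module}.{name}"
        for module, name in collect_globals(data)
        if module in BUILTIN_MODULES and name in DANGEROUS_NAMES
    ]


if __name__ == "__main__":
    # Constructed sample: a pickle that only *references* builtins.eval
    # (no REDUCE opcode, so loading it calls nothing).
    sample = pickle.dumps(eval, protocol=4)
    print(flag_unsafe(sample))  # -> ['builtins.eval']
```

Protocol 2 pickles spell the same module as `__builtin__`, which is why all three aliases are in the deny-list.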
References
- github.com/advisories/GHSA-h4rm-mm56-xf63
- github.com/trailofbits/fickling
- github.com/trailofbits/fickling/blob/977b0769c13537cd96549c12bb537f05464cf09c/test/test_bypasses.py
- github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf
- github.com/trailofbits/fickling/pull/195
- github.com/trailofbits/fickling/releases/tag/v0.1.7
- github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63
- nvd.nist.gov/vuln/detail/CVE-2026-22612