Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)
Summary
| CVE | CVE-2026-14534 |
|---|---|
| State | PUBLISHED |
| Assigner | BombadilSystems |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-04 14:16:28 UTC |
| Updated | 2026-07-04 14:16:28 UTC |
| Description | Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from aa17e1a1-c329-4d6e-a1ed-8d0188aea082
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-184 | CWE-502 | CWE-184 CWE-184 Incomplete List of Disallowed Inputs | CWE-502 CWE-502 Deserialization of Untrusted Data
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | aa17e1a1-c329-4d6e-a1ed-8d0188aea082 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Trailofbits | Fickling | affected 0.1.10 custom | Not specified |
| CNA | Trailofbits | Fickling | unaffected 0.1.11 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697 | aa17e1a1-c329-4d6e-a1ed-8d0188aea082 | github.com | |
| github.com/trailofbits/fickling/pull/272 | aa17e1a1-c329-4d6e-a1ed-8d0188aea082 | github.com | |
| github.com/trailofbits/fickling/commit/e8408615b63adf034f891f653692ab9b5... | aa17e1a1-c329-4d6e-a1ed-8d0188aea082 | github.com | |
| github.com/trailofbits/fickling/releases/tag/v0.1.11 | aa17e1a1-c329-4d6e-a1ed-8d0188aea082 | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Christopher Aziz (Bombadil Systems LLC) (en)
There are currently no legacy QID mappings associated with this CVE.