CYBERHAWK / CVE / CVE-2026-53874

CVE-2026-53874

CRITICAL CVSS 9.8 other

The flaw

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle f

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-53874

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits