CVE-2026-53875
HIGH 7.1picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load().
ELEVATED IMPACT
Severe if exploited (CVSS 7.1), but no known exploitation and low modeled probability. Patch on a normal cadence.
Exploitation likelihood
0.4%chance of exploitation in 30 days · 35th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
7.1CVSS 4.0 · HIGH
- ConfidentialityNone
- IntegrityHigh
- AvailabilityNone
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ✓Privileges: No account or privileges required
- ⚠User interaction: Succeeds with passive user activity
- ✓Complexity: No special conditions — reliably repeatable
- ✓Requirements: No special attack requirements
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-95
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N