Fickling vulnerable to detection bypass due to “builtins” blindness

8.9 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

AI Analysis

Detection bypass vulnerability due to 'builtins' blindness in Fickling prior to version 0.1.7

Basic Information

ID CVE-2026-22612

Source GitHub_M

Published Jan 10, 2026 at 01:35

Affected Product

Vendor trailofbits

Product fickling

Version < 0.1.7

Affected Versions trailofbits fickling < 0.1.7

CWE Classification

CWE-502

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor Trail of Bits

Product Fickling

Version < 0.1.7

References

{
    "lastseen": "",
    "description": "Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to \"builtins\" blindness. This issue has been patched in version 0.1.7.",
    "published": "2026-01-10T01:35:25.197Z",
    "modified": "2026-01-10T01:35:25.197Z",
    "type": "cve",
    "title": "Fickling vulnerable to detection bypass due to \"builtins\" blindness",
    "source": "GitHub_M",
    "references": "https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63\nhttps://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf\nhttps://github.com/trailofbits/fickling/releases/tag/v0.1.7",
    "id": "CVE-2026-22612",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "trailofbits fickling < 0.1.7",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "fickling",
    "version": "< 0.1.7",
    "vendor": "trailofbits",
    "ai_description": "Detection bypass vulnerability due to 'builtins' blindness in Fickling prior to version 0.1.7",
    "ai_severity": "High",
    "ai_vendor": "Trail of Bits",
    "ai_product": "Fickling",
    "ai_version": "< 0.1.7",
    "ai_score": 8.9
}

Fickling vulnerable to detection bypass due to “builtins” blindness_CVE-2026-22612