216.73.216.89

CVE-2026-53875

· Published 17/06/2026 19:17 · Author: The MITRE Corporation

Labels: CVE-2026-53875 2026-06-17CVE-2026-53875CWE-95[email protected]

Essential information

Published
17/06/2026 19:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.1 HIGH (v4.0)
CISA KEV
No
CWE
CWE-95
CVSS vector

CVSS metrics

Description

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan_pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the __reduce__ trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load().

NVD status

NVD
View on NVD