CVE-2026-22612

High

Published: 10 January 2026

Published

10 January 2026

Modified

16 January 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0007 20.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22612 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Trailofbits Fickling. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Python (T1059.006) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2026-22612 by requiring timely identification, prioritization, and application of the patch in Fickling version 0.1.7 to remediate the builtins blindness flaw.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables proactive detection of vulnerable Fickling installations prior to version 0.1.7 through continuous vulnerability scanning and monitoring of advisories like GHSA-h4rm-mm56-xf63.

SI-10 Information Input Validation partial match

prevent

Addresses deserialization risks from CWE-502 by validating pickle file inputs to Fickling, reducing the chance of processing crafted files that exploit builtins blindness.

MITRE ATT&CK Enterprise TechniquesAI

T1059.006 Python Execution

Adversaries may abuse Python commands and scripts for execution.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Vulnerability bypasses static analysis of untrusted Python pickles (CWE-502), directly enabling delivery and execution of malicious serialized payloads via Python interpreter after user interaction with the crafted file.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1.7.

Deeper analysisAI

Fickling, a Python pickling decompiler and static analyzer, is affected by CVE-2026-22612 prior to version 0.1.7. The vulnerability stems from "builtins" blindness, enabling a detection bypass (CWE-502: Deserialization of Untrusted Data). It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity with local attack vector, low complexity, no privileges required, and user interaction needed.

An unprivileged local attacker can exploit this vulnerability by crafting a pickle file that evades Fickling's static analysis due to its failure to properly handle "builtins." This requires tricking a user into analyzing the malicious input with a vulnerable version of Fickling, potentially leading to high-impact consequences including unauthorized disclosure of information, modification of data, and denial of system resources.

The GitHub security advisory (GHSA-h4rm-mm56-xf63) and release notes confirm the issue was addressed in Fickling version 0.1.7 via a specific commit (9f309ab834797f280cb5143a2f6f987579fa7cdf). Security practitioners should upgrade to version 0.1.7 or later to mitigate the vulnerability.