PatchSiren cyber security CVE debrief
CVE-2021-47952 Jsonpickle CVE debrief
CVE-2021-47952 is a critical Python deserialization issue in jsonpickle 2.0.0. According to the supplied record, a crafted JSON payload using py/repr directives can trigger eval during deserialization and lead to arbitrary Python command execution. Systems that accept untrusted JSON and rely on jsonpickle for object round-tripping should treat this as an immediate remediation item.
- Vendor: Jsonpickle
- Product: Unknown
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-16
- Original CVE updated: 2026-05-16
- Advisory published: 2026-05-16
- Advisory updated: 2026-05-16
Who should care
Security teams and developers using jsonpickle in Python applications, especially services that accept or process attacker-controlled JSON. This is most important for internet-facing APIs, message consumers, data import pipelines, and any workflow that deserializes untrusted content.
Technical summary
The supplied description states that jsonpickle 2.0.0 can deserialize malicious JSON containing py/repr objects in a way that invokes eval, enabling arbitrary code execution. NVD lists the weakness as CWE-94 and rates the issue 9.3 Critical. The practical risk is that untrusted JSON can be converted into executable behavior during object reconstruction.
Defensive priority
Immediate / critical. Prioritize this alongside other remote code execution issues, especially if jsonpickle is reachable through untrusted input paths.
Recommended defensive actions
- Inventory where jsonpickle is used and identify every path that deserializes attacker-controlled JSON.
- Upgrade jsonpickle to a non-vulnerable upstream release as soon as possible, and verify the change in deployment artifacts.
- Until patched, do not deserialize untrusted JSON with jsonpickle; replace it with a safer parser or a restricted data-only format where feasible.
- Add input validation and trust boundaries around any serialization/deserialization workflow that currently accepts external data.
- Segment or isolate services that must keep using jsonpickle so that a successful deserialization attack has a smaller blast radius.
- Review logs and telemetry for unexpected deserialization failures or unusual payload patterns on affected endpoints.
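The following is an added example for the two interim measures above (refuse to hand untrusted JSON to jsonpickle, and look for unusual payload patterns); it is not code from the advisory or from the jsonpickle project. It relies on one fact about jsonpickle's wire format: object-reconstruction instructions are carried as dictionary keys with the `py/` prefix (such as `py/object` and `py/repr`), which plain data-only JSON never needs. The sample payloads are constructed, and the directive values are placeholders rather than any working exploit string. The parser uses only the standard library, so it performs no object reconstruction at all.

```python
import json
from typing import Any, List

# jsonpickle encodes object-reconstruction instructions as dictionary keys
# beginning with "py/" (for example "py/object" or "py/repr").  A plain
# data-only JSON document has no reason to carry such keys, so their
# presence in untrusted input is a strong signal that the payload was
# built for a jsonpickle consumer rather than for ordinary data exchange.
JSONPICKLE_TAG_PREFIX = "py/"


def find_jsonpickle_directives(node: Any, path: str = "$") -> List[str]:
    """Walk a parsed JSON value and return JSONPath-style locations of
    every dictionary key that starts with the jsonpickle 'py/' prefix."""
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if isinstance(key, str) and key.startswith(JSONPICKLE_TAG_PREFIX):
                hits.append(here)
            hits.extend(find_jsonpickle_directives(value, here))
    elif isinstance(node, list):
        for idx, item in enumerate(node):
            hits.extend(find_jsonpickle_directives(item, f"{path}[{idx}]"))
    return hits


def find_directives_in_text(text: str) -> List[str]:
    """Convenience wrapper: parse raw JSON text as data, then scan it."""
    return find_jsonpickle_directives(json.loads(text))


def load_untrusted_json(text: str, max_bytes: int = 1_000_000) -> Any:
    """Parse untrusted JSON as plain data using the standard library only.

    json.loads never reconstructs Python objects, so it cannot reach eval
    the way a jsonpickle decode can.  The document is additionally rejected
    if it carries any 'py/' directive, so that such a payload is not stored
    and later forwarded to a jsonpickle-based consumer by mistake.
    """
    if len(text.encode("utf-8")) > max_bytes:
        raise ValueError("payload exceeds size limit")
    data = json.loads(text)
    directives = find_jsonpickle_directives(data)
    if directives:
        raise ValueError(f"jsonpickle directives not allowed at: {directives}")
    return data


def triage(text: str) -> str:
    """Return 'accept' or 'reject' for one payload; suitable for running
    over captured request bodies during a log review."""
    try:
        load_untrusted_json(text)
        return "accept"
    except ValueError:
        return "reject"


# Constructed sample inputs (not real traffic).  Directive values are
# placeholders; no working exploit string is reproduced here.
BENIGN = '{"user": "alice", "tags": ["a", "b"], "prefs": {"theme": "dark"}}'
SUSPICIOUS = '{"user": "mallory", "profile": {"py/repr": "PLACEHOLDER"}}'
NESTED = '[{"ok": 1}, {"items": [{"py/object": "PLACEHOLDER"}]}]'


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS), ("nested", NESTED)):
        print(f"{label:10s} {triage(sample):7s} {find_directives_in_text(sample)}")
```

The reported paths (for example `$.profile.py/repr`) are meant to be written to a security log so that reviewers can see where in the document the directive sat, which helps separate a misconfigured legitimate client from probing. The size limit is a general hardening measure for any endpoint that parses JSON and is not specific to this CVE.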
Evidence notes
The debrief is based on the supplied NVD record for CVE-2021-47952, which marks the vulnerability as received and associates it with CWE-94. The supplied description states that jsonpickle 2.0.0 can execute arbitrary Python commands when deserializing malicious JSON containing py/repr objects. No fix version or exploit validation steps were inferred beyond the provided corpus.
Official resources
Publicly disclosed in the supplied NVD record with published and modified timestamps of 2026-05-16T16:16:21.520Z. The record also includes upstream jsonpickle references and a VulnCheck advisory reference.