CVE-2026-53875 picklescan CVE debrief

Who should care

Developers and users of picklescan, especially those working with PyTorch models, should be aware of this vulnerability and take steps to mitigate it. This includes updating to picklescan version 1.0.3 or later and exercising caution when loading PyTorch models from untrusted sources.

Technical summary

The scan_pytorch function in picklescan before 1.0.3 contains a vulnerability that allows attackers to bypass scanning by embedding malicious magic numbers via dynamic eval using the __reduce__ trick. This enables the creation of malicious PyTorch payloads that evade detection but remain executable, potentially leading to arbitrary code execution when loaded with torch.load(). The vulnerability is classified as CWE-95 and has a CVSS score of 7.1.

Defensive priority

HIGH

Recommended defensive actions

• Update picklescan to version 1.0.3 or later
• Exercise caution when loading PyTorch models from untrusted sources
• Implement additional security measures, such as sandboxing or isolation, for PyTorch model loading
• Monitor for suspicious activity related to PyTorch model loading
• Consider using alternative model loading methods that are less vulnerable to exploitation
• Keep PyTorch and related dependencies up to date
• Use secure model storage and transmission practices

Evidence notes

The vulnerability was reported by an unknown vendor and has a low confidence level due to limited information. The CVE record was published on 2026-06-17T17:17:25.870Z and modified on 2026-06-17T20:21:59.863Z. The NVD detail page and CVE record provide additional information on the vulnerability.

Official resources