CRITICAL
Jsonpickle
CVE published 2026-05-16
CVE-2021-47952
CVE-2021-47952 is a critical Python deserialization issue in jsonpickle 2.0.0. According to the supplied record, a crafted JSON payload using py/repr directives can trigger eval during deserialization and lead to arbitrary Python command execution. Systems that accept untrusted JSON and rely on jsonpickle for object round-tripping should treat this as an immediate remediation item.
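A pre-decode check for the tag described above, as an added example that is not part of the CVE record or of jsonpickle's own code. It parses untrusted JSON with the standard library only and rejects input containing `py/repr` before anything is handed to jsonpickle; the names `find_tags`, `check_untrusted_json` and `UnsafePayload` and all sample strings are assumptions constructed for illustration.

```python
import json

# Tag named in the advisory. All jsonpickle tags share the "py/" prefix.
BANNED_TAGS = frozenset({"py/repr"})


class UnsafePayload(ValueError):
    """Raised when untrusted JSON carries a disallowed jsonpickle tag."""


def find_tags(text):
    """Parse JSON text; return (data, set of 'py/' keys seen at any depth)."""
    seen = set()

    def hook(pairs):
        # object_pairs_hook sees every key/value pair, including duplicate
        # keys that a plain dict would silently collapse.
        for key, _ in pairs:
            if key.startswith("py/"):
                seen.add(key)
        return dict(pairs)

    return json.loads(text, object_pairs_hook=hook), seen


def check_untrusted_json(text, strict=False):
    """Return parsed plain data, or raise UnsafePayload.

    strict=False rejects only BANNED_TAGS; strict=True rejects any "py/" tag.
    """
    data, seen = find_tags(text)
    bad = seen if strict else seen & BANNED_TAGS
    if bad:
        raise UnsafePayload("disallowed jsonpickle tag(s): " + ", ".join(sorted(bad)))
    return data


# Constructed samples (placeholder values, not real payloads).
BENIGN = '{"user": "alice", "roles": ["reader"]}'
ESCAPED = r'{"items": [{"\u0070y/repr": "CONSTRUCTED-PLACEHOLDER"}]}'
TYPED = '{"py/object": "example.Placeholder", "x": 1}'

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("escaped", ESCAPED), ("typed", TYPED)):
        try:
            check_untrusted_json(sample)
            print(name, "accepted")
        except UnsafePayload as exc:
            print(name, "rejected:", exc)
```

The check inspects decoded keys, so the escaped form in `ESCAPED` is caught even though a substring search for `py/repr` on the raw text would miss it. Where the input is supposed to be plain data with no object round-tripping, `strict=True` is the appropriate setting.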