Vulnerability in Picklescan

CVE-2026-3490

picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.s…
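As an added illustration of the bypass mechanism (example code, not code from the advisory or from picklescan itself), the following Python constructs two pickles by hand: one that references a function through a direct GLOBAL opcode, and one that reaches the same function indirectly by first calling pkgutil.resolve_name with a dotted name and then calling whatever it returns. Both are run through a toy opcode scanner that, like a blocklist keyed on GLOBAL names, sees only the first. The blocklist entries, the choice of os.getcwd as a harmless stand-in for the os.* callables the advisory mentions, and the second resolver entry (importlib.import_module, a generalisation beyond what the advisory names) are assumptions of this example.

```python
import os
import pickle
import pickletools

# Constructed payload (protocol 0 opcodes), not one taken from the advisory:
# GLOBAL pkgutil.resolve_name, REDUCE it with "os.getcwd", then REDUCE the
# returned function with an empty tuple. os.getcwd is a harmless stand-in.
RESOLVE_NAME_PAYLOAD = (
    b"cpkgutil\nresolve_name\n"   # GLOBAL pkgutil resolve_name (not on a naive blocklist)
    b"(Vos.getcwd\ntR"            # REDUCE: resolve_name("os.getcwd") -> os.getcwd
    b"(tR"                        # REDUCE: os.getcwd() with no arguments
    b"."                          # STOP
)

# Same effect expressed directly; GLOBAL os.getcwd is what a name blocklist catches.
DIRECT_PAYLOAD = b"cos\ngetcwd\n(tR."

# Toy blocklist of (module, attribute) pairs; os.getcwd is listed only so the
# demonstration stays harmless. Assumed for this example, not picklescan's list.
UNSAFE_GLOBALS = {("os", "getcwd"), ("os", "system"), ("subprocess", "Popen")}

# Callables that turn a dotted string into an arbitrary object. An indirect
# REDUCE through any of them reaches every entry in UNSAFE_GLOBALS, so a scanner
# must treat them as unsafe too. importlib.import_module is an assumed addition.
RESOLVERS = {("pkgutil", "resolve_name"), ("importlib", "import_module")}


def referenced_globals(data):
    """Yield (module, name) for every GLOBAL / STACK_GLOBAL opcode in a pickle."""
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # pickletools renders the protocol 0-3 argument as "module name"
            module, name = arg.split(" ", 1)
            yield module, name
        elif opcode.name == "STACK_GLOBAL":
            # protocol 4+: module and name are the two strings pushed just before
            if len(recent_strings) >= 2:
                yield recent_strings[-2], recent_strings[-1]
        elif isinstance(arg, str):
            recent_strings.append(arg)


def scan(data, block_resolvers):
    """Return the set of blocked globals found; an empty set means 'clean'.

    block_resolvers=False models the pre-1.0.4 behaviour described above:
    only the final callable's own name is compared against the blocklist.
    """
    blocklist = UNSAFE_GLOBALS | (RESOLVERS if block_resolvers else set())
    return {g for g in referenced_globals(data) if g in blocklist}


def resolves_to_getcwd():
    """Confirm the indirect payload really reaches os.getcwd when unpickled."""
    return pickle.loads(RESOLVE_NAME_PAYLOAD) == os.getcwd()


if __name__ == "__main__":
    for label, payload in (("direct", DIRECT_PAYLOAD), ("via resolve_name", RESOLVE_NAME_PAYLOAD)):
        print(label, "naive:", scan(payload, block_resolvers=False),
              "hardened:", scan(payload, block_resolvers=True))
    print("indirect payload calls os.getcwd:", resolves_to_getcwd())
```

The naive scan reports nothing for the indirect payload because the only GLOBAL it contains is pkgutil.resolve_name; the dangerous name exists solely as a string argument to a REDUCE, which a name-based blocklist never inspects. Adding the resolver to the blocklist is the minimal fix; a stricter scanner would also refuse any REDUCE whose callable is itself the result of an earlier REDUCE, since that pattern has no legitimate use in ordinary model serialisation.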

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-3490?
CVE-2026-3490 is a critical-severity vulnerability in Picklescan, classified under CWE-183. CVSS score: 10.0/10. Published 2026-06-17.
How severe is CVE-2026-3490?
Critical severity. CVSS v3 base score is 10.0 out of 10.