CVE-2026-22607 is a vulnerability in the Fickling tool, a Python pickling decompiler and static analyzer developed by trailofbits. The vulnerability stems from an incomplete list of disallowed inputs, specifically the failure to treat Python's cProfile module as unsafe during pickle analysis. Pickle is a Python serialization format that can execute arbitrary code during deserialization if the payload is malicious. Fickling is designed to analyze pickle payloads and classify them as safe, suspicious, or overtly malicious to prevent unsafe deserialization. However, in versions up to and including 0.1.6, Fickling misclassifies pickles that use cProfile.run() as only suspicious rather than overtly malicious. This misclassification can mislead users or automated systems relying on Fickling's output to allow deserialization of malicious pickles, leading to arbitrary code execution on the target system. The vulnerability does not require authentication or user interaction, and the attack vector is network accessible if the pickle deserialization is exposed. The CVSS 4.0 vector indicates a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The flaw is classified under CWE-184 (Incomplete List of Disallowed Inputs) and CWE-502 (Deserialization of Untrusted Data). The issue was publicly disclosed on January 10, 2026, and patched in Fickling version 0.1.7. No known exploits have been reported in the wild yet, but the vulnerability poses a significant risk to any system relying on Fickling for pickle security analysis.

For European organizations, this vulnerability poses a critical risk especially for those using Python-based applications or workflows that incorporate Fickling as a security gate for deserializing pickle data. Exploitation can lead to remote code execution, allowing attackers to compromise system confidentiality, integrity, and availability. This could result in data breaches, unauthorized access to sensitive information, disruption of services, and potential lateral movement within networks. Sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Python automation or data processing are particularly at risk. The vulnerability's ease of exploitation without authentication or user interaction increases the threat level. Additionally, organizations that integrate third-party products or services using Fickling may be indirectly affected. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the high CVSS score indicates that the impact of a successful attack would be severe.

European organizations should immediately upgrade Fickling to version 0.1.7 or later to ensure the vulnerability is patched. They should audit all workflows and products that use Fickling as a security gate for pickle deserialization to confirm the updated version is deployed. Where possible, avoid using pickle deserialization for untrusted data altogether, or implement additional layers of validation and sandboxing around deserialization processes. Employ runtime monitoring and anomaly detection to identify suspicious execution patterns related to cProfile or other unusual module usage during deserialization. Organizations should also review their incident response plans to prepare for potential exploitation scenarios. For environments where upgrading Fickling is not immediately feasible, consider disabling pickle deserialization or restricting network access to services that perform deserialization. Finally, raise awareness among development and security teams about the risks of deserializing untrusted data and the importance of using updated security tools.