CVE-2026-33155: CWE-400: Uncontrolled Resource Consumption in seperman deepdiff
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2.
AI Analysis
Technical Summary
The vulnerability CVE-2026-33155 affects the Python library deepdiff, specifically versions from 5.0.0 up to but not including 8.6.2. Deepdiff is used for deep difference detection and searching within Python data structures. The issue lies in the _RestrictedUnpickler class, which is designed to safely unpickle objects by restricting which classes can be instantiated. However, while it restricts the classes, it does not limit the constructor arguments passed during unpickling. Some classes in the SAFE_TO_IMPORT list, such as builtins.bytes, builtins.list, and builtins.range, have constructors that allocate memory proportional to the input size. An attacker can craft a malicious pickle payload as small as 40 bytes that, when unpickled, causes the application to allocate more than 10 GB of memory. This leads to uncontrolled resource consumption, resulting in application crashes or denial of service (DoS). The vulnerability is exploitable remotely without any authentication or user interaction, making it highly dangerous in environments where untrusted pickle data is processed. The root cause is the insufficient validation of constructor arguments during unpickling, which allows attackers to exploit the memory allocation behavior of certain built-in types. The issue has been addressed and patched in deepdiff version 8.6.2, where constructor arguments are presumably validated or limited to prevent excessive resource consumption. There are currently no known exploits in the wild, but the high CVSS score of 8.7 reflects the severity and ease of exploitation. This vulnerability is categorized under CWE-400: Uncontrolled Resource Consumption.
Potential Impact
The primary impact of CVE-2026-33155 is denial of service through memory exhaustion. Applications using vulnerable versions of deepdiff that unpickle data from untrusted sources are at risk of crashing or becoming unresponsive due to excessive memory allocation. This can disrupt critical services, degrade performance, and potentially cause cascading failures in dependent systems. Organizations relying on deepdiff for data comparison or delta object loading in automated workflows, APIs, or data processing pipelines may experience service outages. The vulnerability does not directly compromise confidentiality or integrity but can severely affect availability. In cloud or containerized environments, exploitation could lead to resource starvation affecting multiple tenants or services. The ease of remote exploitation without authentication increases the risk of widespread attacks, especially in environments where untrusted pickle data is processed without proper validation. The lack of known exploits in the wild suggests limited current exploitation, but the vulnerability's characteristics make it a prime candidate for future attacks if unpatched. Overall, the impact is high for organizations using vulnerable deepdiff versions in exposed or untrusted data contexts.
Mitigation Recommendations
1. Upgrade immediately to deepdiff version 8.6.2 or later, where this vulnerability is patched. 2. Avoid unpickling data from untrusted or unauthenticated sources; treat all pickle data as potentially malicious. 3. Implement strict input validation and sanitization for any data that will be unpickled, including size and content checks. 4. Consider replacing pickle-based data interchange with safer serialization formats such as JSON or protobuf that do not allow arbitrary code execution or resource exhaustion. 5. Use application-level resource limits (e.g., memory quotas, container limits) to mitigate impact if untrusted pickle data must be processed. 6. Monitor application logs and system metrics for unusual memory usage spikes that could indicate exploitation attempts. 7. Employ runtime protections such as sandboxing or process isolation to limit the blast radius of a potential DoS attack. 8. Educate developers and DevOps teams about the risks of untrusted pickle data and enforce secure coding practices around deserialization. 9. Review and audit all code paths that invoke deepdiff’s pickle_load or similar unpickling functions to ensure they do not process untrusted input. 10. If upgrading is not immediately possible, consider patching or monkey-patching the _RestrictedUnpickler to validate constructor arguments or limit memory allocation.
Affected Countries
United States, Germany, United Kingdom, France, Japan, India, China, Canada, Australia, Netherlands, South Korea, Brazil, Russia, Israel
CVE-2026-33155: CWE-400: Uncontrolled Resource Consumption in seperman deepdiff
Description
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-33155 affects the Python library deepdiff, specifically versions from 5.0.0 up to but not including 8.6.2. Deepdiff is used for deep difference detection and searching within Python data structures. The issue lies in the _RestrictedUnpickler class, which is designed to safely unpickle objects by restricting which classes can be instantiated. However, while it restricts the classes, it does not limit the constructor arguments passed during unpickling. Some classes in the SAFE_TO_IMPORT list, such as builtins.bytes, builtins.list, and builtins.range, have constructors that allocate memory proportional to the input size. An attacker can craft a malicious pickle payload as small as 40 bytes that, when unpickled, causes the application to allocate more than 10 GB of memory. This leads to uncontrolled resource consumption, resulting in application crashes or denial of service (DoS). The vulnerability is exploitable remotely without any authentication or user interaction, making it highly dangerous in environments where untrusted pickle data is processed. The root cause is the insufficient validation of constructor arguments during unpickling, which allows attackers to exploit the memory allocation behavior of certain built-in types. The issue has been addressed and patched in deepdiff version 8.6.2, where constructor arguments are presumably validated or limited to prevent excessive resource consumption. There are currently no known exploits in the wild, but the high CVSS score of 8.7 reflects the severity and ease of exploitation. This vulnerability is categorized under CWE-400: Uncontrolled Resource Consumption.
Potential Impact
The primary impact of CVE-2026-33155 is denial of service through memory exhaustion. Applications using vulnerable versions of deepdiff that unpickle data from untrusted sources are at risk of crashing or becoming unresponsive due to excessive memory allocation. This can disrupt critical services, degrade performance, and potentially cause cascading failures in dependent systems. Organizations relying on deepdiff for data comparison or delta object loading in automated workflows, APIs, or data processing pipelines may experience service outages. The vulnerability does not directly compromise confidentiality or integrity but can severely affect availability. In cloud or containerized environments, exploitation could lead to resource starvation affecting multiple tenants or services. The ease of remote exploitation without authentication increases the risk of widespread attacks, especially in environments where untrusted pickle data is processed without proper validation. The lack of known exploits in the wild suggests limited current exploitation, but the vulnerability's characteristics make it a prime candidate for future attacks if unpatched. Overall, the impact is high for organizations using vulnerable deepdiff versions in exposed or untrusted data contexts.
Mitigation Recommendations
1. Upgrade immediately to deepdiff version 8.6.2 or later, where this vulnerability is patched. 2. Avoid unpickling data from untrusted or unauthenticated sources; treat all pickle data as potentially malicious. 3. Implement strict input validation and sanitization for any data that will be unpickled, including size and content checks. 4. Consider replacing pickle-based data interchange with safer serialization formats such as JSON or protobuf that do not allow arbitrary code execution or resource exhaustion. 5. Use application-level resource limits (e.g., memory quotas, container limits) to mitigate impact if untrusted pickle data must be processed. 6. Monitor application logs and system metrics for unusual memory usage spikes that could indicate exploitation attempts. 7. Employ runtime protections such as sandboxing or process isolation to limit the blast radius of a potential DoS attack. 8. Educate developers and DevOps teams about the risks of untrusted pickle data and enforce secure coding practices around deserialization. 9. Review and audit all code paths that invoke deepdiff’s pickle_load or similar unpickling functions to ensure they do not process untrusted input. 10. If upgrading is not immediately possible, consider patching or monkey-patching the _RestrictedUnpickler to validate constructor arguments or limit memory allocation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-17T21:17:08.886Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69bdb079e32a4fbe5fcd3b4c
Added to database: 3/20/2026, 8:39:21 PM
Last enriched: 3/27/2026, 10:51:32 PM
Last updated: 5/1/2026, 7:53:20 PM
Views: 65
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.