All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2025-71356
HIGHpublished 2026-07-04 02:16 UTC · 13 hours ago
7.6
CVSS / 10
// description
picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims.
// weaknesses (CWE)
- CWE-502