CVE-2026-14535: Fickling shared mutable state renders the ML allowlist ineffective

CVSS 8.8 · High

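Affected version matrix (2)

| Vendor | Product | Version range | Status |
| --- | --- | --- | --- |
| trailofbits | fickling | ≤ 0.1.11 | affected |
| trailofbits | fickling | 0.1.12 | unaffected |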

I. Basic Information for CVE-2026-14535

Vulnerability Information

Vulnerability Title
Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in the shared AnalysisContext.reported_shortened_code set. When the MLAllowlist analysis pass subsequently runs, it calls the same shorten_code() method, receives already_reported=True for every import, and executes a continue statement that skips its allowlist check entirely. This renders MLAllowlist dead code for all imports — it never evaluates whether an import is in the ML allowlist or not. The MLAllowlist pass was designed to catch imports of modules outside the known-safe ML ecosystem (torch, numpy, transformers, etc.) that slip past the UnsafeImports denylist. With MLAllowlist inoperative, any standard library module not in the UNSAFE_IMPORTS denylist can be invoked via pickle deserialization while fickling's check_safety() returns LIKELY_SAFE. The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate, meaning a LIKELY_SAFE verdict causes the payload to be deserialized and executed. The root cause is shared mutable state between independently-correct analysis passes — UnsafeImportsML works as designed in isolation, MLAllowlist works as designed in isolation, but the shared reported_shortened_code set causes UnsafeImportsML to poison MLAllowlist's deduplication logic.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Protection Mechanism Failure
Source: U.S. National Vulnerability Database (NVD)
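
A simplified model of the pass interaction the description attributes to the shared reported_shortened_code set, added here as an illustration. It is not fickling's code: the names Context, denylist_pass, allowlist_pass and the module examplelib are assumptions, and the per_pass option shows one way to isolate the deduplication state, not necessarily how 0.1.12 fixes it.

```python
# Simplified model of the pass interaction; not fickling's source code.
DENYLIST = {"os", "subprocess"}      # stand-in for UNSAFE_IMPORTS
ML_ALLOWLIST = {"torch", "numpy"}    # stand-in for the ML allowlist


class Context:
    """Analysis context; by default one dedup set is shared by every pass."""

    def __init__(self, per_pass=False):
        self.per_pass = per_pass
        self.reported = set()

    def shorten_code(self, pass_name, module):
        # Returns (short_form, already_reported) and records the short form.
        key = (pass_name, module) if self.per_pass else module
        seen = key in self.reported
        self.reported.add(key)
        return f"import {module}", seen


def denylist_pass(ctx, imports):
    findings = []
    for module in imports:
        # Called for every import, flagged or not, as the description states.
        short, _ = ctx.shorten_code("denylist", module)
        if module in DENYLIST:
            findings.append(("denylist", short))
    return findings


def allowlist_pass(ctx, imports):
    findings = []
    for module in imports:
        short, seen = ctx.shorten_code("allowlist", module)
        if seen:
            continue  # dedup shortcut: skips the allowlist check entirely
        if module not in ML_ALLOWLIST:
            findings.append(("allowlist", short))
    return findings


def analyze(imports, per_pass=False):
    ctx = Context(per_pass)
    return denylist_pass(ctx, imports) + allowlist_pass(ctx, imports)


# Constructed input: "examplelib" is a made-up module, on neither list.
SAMPLE = ["torch", "examplelib"]
```

With the shared set, analyze(SAMPLE) returns no findings even though examplelib is outside the allowlist; with per_pass=True the allowlist pass reports it.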

Affected Products

| Vendor | Product | Affected versions | CPE |
| --- | --- | --- | --- |
| trailofbits | fickling | 0 ~ 0.1.11 | - |

II. Public POCs for CVE-2026-14535

III. Intelligence for CVE-2026-14535

CVE-2026-14535 patches and fixes (2)

CVE-2026-14535 vendor security advisories (1)

CVE-2026-14535 vendor pages (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-14535

No comments yet.