PYSEC-2026-526

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/rpc-py/PYSEC-2026-526.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-526
Aliases
Published
2026-06-29T11:50:33.689769Z
Modified
2026-07-01T20:23:04.195521Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
rpc.py vulnerable to Deserialization of Untrusted Data
Details

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

Per the maintainer, rpc.py is not designed for an API that is open to the outside world, and external requests cannot reach rpc.py in real world use.

A fix exists on the master branch. As a workaround, use the following code to turn off pickle in older versions: ``` del SERIALIZERNAMES[PickleSerializer.name] del SERIALIZERTYPES[PickleSerializer.content_type]

References

Affected packages

PyPI / rpc-py

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.4.2
Last affected
0.6.0

Affected versions

0.*
0.4.2
0.4.3
0.5.0
0.5.1
0.6.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/rpc-py/PYSEC-2026-526.yaml"