Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2026-33155

CVE-2026-33155: DeepDiff Pickle DoS Vulnerability

CVE-2026-33155 is a denial of service flaw in DeepDiff that exploits pickle unpickler to allocate excessive memory. A 40-byte payload can crash applications. This article covers technical details, affected versions, and fixes.

Published:

CVE-2026-33155 Overview

CVE-2026-33155 is a Resource Exhaustion vulnerability affecting DeepDiff, a Python library used for computing deep differences and searching within Python data structures. The vulnerability exists in the _RestrictedUnpickler class which, while validating allowed classes for deserialization, fails to restrict constructor arguments for types in the SAFE_TO_IMPORT list. This oversight allows attackers to craft malicious pickle payloads that force excessive memory allocation, leading to denial of service conditions.

Critical Impact

A compact 40-byte pickle payload can force the allocation of 10+ GB of memory, crashing applications that process untrusted delta objects or call pickle_load with attacker-controlled data.

Affected Products

  • DeepDiff versions 5.0.0 through 8.6.1
  • Applications using DeepDiff's pickle functionality with untrusted input
  • Systems processing delta objects from external sources

Discovery Timeline

  • 2026-03-20 - CVE CVE-2026-33155 published to NVD
  • 2026-03-23 - Last updated in NVD database

Technical Details for CVE-2026-33155

Vulnerability Analysis

This vulnerability stems from an incomplete security control in DeepDiff's restricted pickle unpickler implementation. The _RestrictedUnpickler class was designed to provide safe deserialization by maintaining an allowlist of classes (SAFE_TO_IMPORT) that can be instantiated during unpickling. However, the security mechanism only validates the class type being instantiated without placing any constraints on the arguments passed to those constructors.

Several built-in Python types included in SAFE_TO_IMPORT—specifically builtins.bytes, builtins.list, and builtins.range—have constructors that allocate memory proportional to their input parameters. An attacker can exploit this by crafting a pickle payload that instructs these constructors to allocate enormous amounts of memory, far exceeding what the system can handle.

Root Cause

The root cause is CWE-400: Uncontrolled Resource Consumption. The _RestrictedUnpickler validates class types but does not implement bounds checking on constructor arguments. This allows attackers to pass arbitrarily large values to memory-allocating constructors, triggering resource exhaustion. The vulnerability affects the pickle_load function and any code path that deserializes delta objects from untrusted sources.

Attack Vector

The attack is network-accessible and requires no authentication or user interaction. An attacker can deliver a malicious pickle payload through any interface where DeepDiff processes untrusted serialized data. The attack is highly efficient—a payload as small as 40 bytes can trigger allocation requests exceeding 10 GB of memory. When the system attempts to fulfill this allocation request, it either crashes the application, triggers out-of-memory conditions, or severely degrades system performance for other processes.

The vulnerability is particularly dangerous in:

  • Web applications accepting serialized diff objects
  • API endpoints processing DeepDiff data
  • Message queue consumers handling pickled payloads
  • Distributed systems sharing delta computations

Detection Methods for CVE-2026-33155

Indicators of Compromise

  • Sudden memory spikes in processes using DeepDiff library
  • Application crashes with out-of-memory errors during pickle operations
  • Unusual network traffic containing small payloads to endpoints processing serialized data
  • System logs showing memory allocation failures in Python processes

Detection Strategies

  • Monitor memory consumption patterns in applications using DeepDiff pickle_load functionality
  • Implement alerting on processes that exceed baseline memory thresholds during deserialization operations
  • Deploy application performance monitoring (APM) to detect anomalous resource usage during data processing
  • Use intrusion detection systems to flag suspicious pickle payloads targeting known vulnerable endpoints

Monitoring Recommendations

  • Enable detailed logging for all pickle deserialization operations in production environments
  • Set up resource usage alerts with thresholds appropriate for your application's baseline behavior
  • Monitor for process terminations due to memory exhaustion, particularly in services handling external input
  • Track DeepDiff library versions across your software inventory for rapid identification of vulnerable deployments

How to Mitigate CVE-2026-33155

Immediate Actions Required

  • Upgrade DeepDiff to version 8.6.2 or later immediately
  • Audit all code paths where pickle_load or delta object deserialization processes untrusted input
  • Implement input validation and size limits on serialized data before deserialization
  • Consider containerization with memory limits to prevent system-wide impact from resource exhaustion

Patch Information

The vulnerability has been patched in DeepDiff version 8.6.2. The fix adds constructor argument validation to prevent excessive memory allocation during unpickling operations. The patch is available via the GitHub Commit Update.

For detailed vulnerability information and remediation guidance, refer to the GitHub Security Advisory GHSA-54jj-px8x-5w5q.

Workarounds

  • Avoid using pickle_load with untrusted data sources until the patch can be applied
  • Implement memory limits at the process or container level to contain potential exploitation
  • Use JSON serialization instead of pickle for data exchange where possible
  • Deploy input sanitization layers that reject oversized or malformed serialized payloads before they reach DeepDiff
bash
# Upgrade DeepDiff to patched version
pip install --upgrade deepdiff>=8.6.2

# Verify installed version
pip show deepdiff | grep Version

# Set container memory limits as a defense-in-depth measure
docker run --memory="512m" --memory-swap="512m" your-application

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne