Human
Machine
REPRO-2026-00061 MEDIUM RCE
Verified
python-socketio: Pickle Deserialization RCE in PubSub Manager
python-socketio (pip) Jan 12, 2026
What's the vulnerability?
Pickle deserialization vulnerability in python-socketio's pubsub manager allows RCE when attacker can inject messages into message queue
Root Cause Analysis
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00061 or
pruva-verify GHSA-g8c6-8fjj-2r4m or
pruva-verify CVE-2025-61765 Install:
curl -fsSL https://pruva.dev/install.sh | sh Or Run Manually
1
Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00061/artifacts/repro/reproduction_steps.sh 2
Make executable
chmod +x reproduction_steps.sh 3
Run the script
./reproduction_steps.sh Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Loading session...