REPRO-2026-00063 CRITICAL RCE Verified

deepdiff: Class Pollution RCE via Delta Tuple Path Bypass

deepdiff (pip) Jan 13, 2026

Confidence HIGH

Reproduced in 1m 7s

Tool calls 5

Affected >= 5.0.0, <= 8.6.0

Fixed in 8.6.1

What's the vulnerability?

Class pollution vulnerability in deepdiff Delta class allows RCE via tuple path bypass of dunder attribute filters

One Command

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00063

or pruva-verify GHSA-mw26-5g2v-hqw3

or pruva-verify CVE-2025-58367

Install: curl -fsSL https://pruva.dev/install.sh | sh

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00063/artifacts/repro/reproduction_steps.sh

chmod +x reproduction_steps.sh

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

Watch the AI agent's step-by-step process.

Loading session...