CVE-2021-47952 -- CVSS 9.8 Vulnerability Briefing
CVE-2021-47952 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2021-47952 is a remote code execution vulnerability in the Python jsonpickle library version 2.0.0, affecting any application that deserializes untrusted JSON input using this library.
Technical Detail
The flaw exists in jsonpickle's deserialization logic, which supports a special object notation called py/repr that instructs the library to evaluate arbitrary Python expressions during the unpickling process. An attacker who can supply a crafted JSON payload containing a malicious py/repr object can cause the application to execute arbitrary Python commands in the context of the running process. The impact is full remote code execution, with no authentication required if the deserialization endpoint is externally accessible.
Exploitation Status
This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. No known public exploit code has been confirmed at this time, and exploit maturity is assessed as undeveloped. Despite the critical CVSS score of 9.8, there is no verified evidence of active exploitation in the wild as of May 23, 2026.
Who Is Targeting This
Confirmed (ATTAX-verified): Lazarus Group (DPRK, nation-state motivation), Moonstone Sleet (DPRK, nation-state motivation), APT29 (Russia, nation-state motivation), and TA577 (origin unknown, motivation unknown) have all been associated with this vulnerability at high confidence. No additional reported or research-inferred actor attribution is on record beyond these confirmed entries. The presence of multiple high-confidence DPRK and Russian nation-state actors is notable and suggests this vulnerability is of active interest to sophisticated adversaries regardless of the current lack of public exploit code.
What To Do
Organizations using jsonpickle should upgrade to a version beyond 2.0.0 that addresses this deserialization flaw. As an immediate workaround, avoid passing any untrusted or externally supplied JSON data to jsonpickle's decode or unpickle functions. If jsonpickle is used in a web-facing or API context, audit all input paths to confirm that user-controlled data cannot reach deserialization calls. Given the confirmed interest from multiple nation-state actors, patching should be treated as high priority even in the absence of a public exploit. Detection efforts should focus on anomalous process spawning from Python interpreter processes and unexpected outbound network connections originating from application servers running jsonpickle-dependent code.
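The workaround above (never let untrusted JSON reach jsonpickle's decoder) can be enforced in code rather than by review alone. The following is an added illustration, not code from the briefing or from the jsonpickle project: untrusted input is parsed with the standard-library json module only, and the resulting tree is walked for jsonpickle control tags, which all live under the "py/" key prefix (py/repr, py/object, py/reduce and the rest), so any such key causes the document to be rejected before it can be deserialized. Sample documents are constructed for the demonstration.

```python
import json
from typing import Any, List

# jsonpickle expresses every control tag ("py/repr", "py/object", "py/reduce", ...)
# as a dictionary key under the "py/" prefix. Untrusted callers never need any of
# them, so refusing the whole prefix is simpler and safer than enumerating tags.
TAG_PREFIX = "py/"


class UnsafePayload(ValueError):
    """Raised when untrusted JSON carries jsonpickle control tags."""


def find_pickle_tags(node: Any, path: str = "$") -> List[str]:
    """Return JSONPath-style locations of every 'py/...' key in a parsed JSON tree."""
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(key, str) and key.startswith(TAG_PREFIX):
                hits.append(f"{path}.{key}")
            hits.extend(find_pickle_tags(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_pickle_tags(item, f"{path}[{index}]"))
    return hits


def tags_in(raw: str) -> List[str]:
    """Parse with the stdlib (no object reconstruction) and list any control tags."""
    return find_pickle_tags(json.loads(raw))


def safe_load(raw: str) -> Any:
    """Return plain dicts/lists/scalars for untrusted JSON, or raise UnsafePayload.

    The result is never handed to jsonpickle.decode; it is ordinary data only.
    """
    data = json.loads(raw)
    tags = find_pickle_tags(data)
    if tags:
        raise UnsafePayload(f"jsonpickle control tags present: {', '.join(tags)}")
    return data


def is_safe(raw: str) -> bool:
    """Boolean form of safe_load for use at an input-validation boundary."""
    try:
        safe_load(raw)
    except (UnsafePayload, ValueError):
        return False
    return True


# Constructed sample inputs (not real traffic); the tagged one uses an inert placeholder.
BENIGN = '{"user": "alice", "roles": ["viewer"], "prefs": {"theme": "dark"}}'
TAGGED = '{"user": "mallory", "prefs": {"py/repr": "UNTRUSTED_EXPRESSION"}}'
```

Rejected documents should be logged with the offending tag path, since a py/ key arriving at a web-facing endpoint is itself a useful detection signal for the anomalous activity the briefing describes.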