---
tags:
- security-research
- modelscan-bypass
license: mit
---
# Modelscan Bypass PoC: http.server.HTTPServer port binding backdoor

**Security research only.**

## Summary

The pickle payload creates an HTTP server bound to 0.0.0.0:8888 during `pickle.load()`. `http.server` is not in modelscan's `unsafe_globals` blocklist, so the scan reports nothing. An attacker can serve content or create a reverse shell listener.

## Reproduction

```bash
pip install modelscan
modelscan scan -p pytorch_model.bin  # No issues found
python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"  # Executes
```

## Affected: modelscan 0.7.6 (latest)

## Disclosure: Submitted via Huntr.
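The Summary above shows why a blocklist of modules is brittle: any module it does not name gets through. The defender-side alternative is an allowlist over the globals a pickle references, checked by parsing opcodes without ever deserialising. The following is an added example, not part of this PoC and not modelscan's code; the allowlist contents, the `SAMPLES` inputs and the memo-tracking logic are assumptions of this example.

```python
import collections
import http.server
import pickle
import pickletools

# Modules a plain PyTorch checkpoint legitimately references. This allowlist is an
# assumption for the example, not modelscan's list; tune it to the formats you accept.
ALLOWED_MODULES = {"torch", "torch._utils", "collections", "numpy", "numpy.core.multiarray"}
STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8", "STRING", "BINSTRING", "SHORT_BINSTRING"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the pickle would import, found by parsing opcodes only.
    pickletools.genops never executes the stream, so REDUCE is never reached. GLOBAL carries
    "module name" inline; STACK_GLOBAL (protocol 4+) takes module and name from the two most
    recent string pushes, which may be memo lookups, hence the small memo model below."""
    refs, strings, memo, prev, next_idx = [], [], {}, None, 0
    for op, arg, _ in pickletools.genops(data):
        cur = None
        if op.name in STR_OPS:
            strings.append(arg)
            cur = arg
        elif op.name in ("BINGET", "LONG_BINGET", "GET"):
            cur = memo.get(arg)
            strings.append(cur)
        elif op.name == "MEMOIZE":            # memoises top of stack at the next free index
            memo[next_idx] = prev
            next_idx += 1
        elif op.name in ("BINPUT", "LONG_BINPUT", "PUT"):
            memo[arg] = prev
        elif op.name == "GLOBAL":
            refs.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            name, module = strings.pop(), strings.pop()
            refs.append((module, name))
        prev = cur
    return refs


def flagged_globals(data: bytes) -> list[tuple[str, str]]:
    """Imports outside the allowlist. A non-empty result means: do not pickle.load this file."""
    return [(m, n) for m, n in referenced_globals(data) if m not in ALLOWED_MODULES]


SAMPLES = {  # constructed inputs for this example; none of them is a real model file
    "benign_state_dict": pickle.dumps(collections.OrderedDict(w=[0.5]), protocol=4),
    # Protocol 2: GLOBAL then STOP. No REDUCE, so loading it only yields the class object.
    "global_ref": b"\x80\x02chttp.server\nHTTPServer\n.",
    # Protocol 4: STACK_GLOBAL; reusing the class's own __module__ string makes the module
    # name arrive through a memo lookup, exercising the BINGET path above.
    "stack_global_ref": pickle.dumps((http.server.HTTPServer.__module__, http.server.HTTPServer), protocol=4),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label}: {flagged_globals(blob) or 'clean'}")
```

Run as a pre-load gate; the check is cheap and scales to large checkpoints because no object is ever constructed.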