The vulnerability stems from the logic of the _deserialize_value function in xcom.py. The original code contained a try-except block that first attempted JSON deserialization but then fell back to an unsafe pickle.loads() call on decoding errors (JSONDecodeError or UnicodeDecodeError). This created an injection vector even when enable_xcom_pickling=False was configured, because an attacker could supply a payload that fails JSON decoding and thereby forces the fallback to pickle deserialization. The patch removed this fallback mechanism, confirming that this was the vulnerable code path. The accompanying test changes (e.g., expecting a UnicodeDecodeError instead of a silent pickle fallback) further support this analysis.
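As an added example (my own stand-in, not the Airflow code itself), the vulnerable and patched shapes of the _deserialize_value logic side by side, run against constructed inputs; the function names, the enable_xcom_pickling keyword argument and the decode/JSON calls are assumptions that approximate the real implementation rather than copies of it. A benign pickled dict stands in for an attacker-controlled blob.

```python
import json
import pickle

# Vulnerable shape (constructed approximation): JSON first, pickle on any decode failure.
def deserialize_value_vulnerable(value: bytes, enable_xcom_pickling: bool = False):
    if enable_xcom_pickling:
        return pickle.loads(value)
    try:
        return json.loads(value.decode("UTF-8"))
    except (json.JSONDecodeError, UnicodeDecodeError):
        # The fallback: an undecodable or non-JSON payload reaches pickle.loads
        # even though pickling was explicitly disabled by configuration.
        return pickle.loads(value)

# Patched shape (constructed approximation): no fallback, decode errors propagate.
def deserialize_value_fixed(value: bytes, enable_xcom_pickling: bool = False):
    if enable_xcom_pickling:
        return pickle.loads(value)
    return json.loads(value.decode("UTF-8"))

# Constructed samples. A protocol-4 pickle starts with 0x80, which is not valid
# UTF-8, so it trips UnicodeDecodeError; a protocol-0 pickle is pure ASCII, so it
# decodes fine but trips JSONDecodeError. Both paths used to reach pickle.loads.
BINARY_PICKLE = pickle.dumps({"who": "pickle"}, protocol=4)
ASCII_PICKLE = pickle.dumps({"who": "pickle"}, protocol=0)
JSON_BLOB = b'{"who": "json"}'

def classify(func, value: bytes):
    """Run a deserializer with pickling disabled and report the outcome."""
    try:
        return ("ok", func(value, enable_xcom_pickling=False))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return ("rejected", type(exc).__name__)

if __name__ == "__main__":
    for name, blob in [("binary pickle", BINARY_PICKLE), ("ascii pickle", ASCII_PICKLE), ("json", JSON_BLOB)]:
        print(name, "vulnerable:", classify(deserialize_value_vulnerable, blob))
        print(name, "fixed:     ", classify(deserialize_value_fixed, blob))
```

With the fix, the only input that still deserializes under enable_xcom_pickling=False is valid JSON; the two non-JSON blobs are rejected with the same UnicodeDecodeError the updated tests expect, or a JSONDecodeError for the ASCII case.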