PT-2026-54620 · Keras Team · Keras-Team/Keras

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-12480

CVSS v3.1

5.5

Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore._verify_dataset() method and in file_editor.py, which fail to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or .h5 weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's filesystem. When the victim loads the model using keras.models.load_model() or keras.saving.load_model(), the external file is transparently read, leading to potential information disclosure. Fixed in versions 3.12.2 and 3.14.1.
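The following is an added illustration and not code from Keras or from this advisory. It builds, with h5py, the kind of file the description talks about: a weights file whose only "tensor" is a VDS whose source is another HDF5 file on disk, wrapped in a .keras zip as well, and shows that a naive read returns the other file's contents. It then runs a pre-load scanner that walks the file without dereferencing anything and flags datasets whose is_virtual property is set, which is the check the advisory says was missing. The scanner also flags HDF5 external links and external raw storage; those two categories are this example's own additions, not something the advisory attributes to Keras, and they are flagged only because they are the other HDF5 mechanisms that point outside the file. The dataset name layers/dense/vars/0 and the files secret.h5, model.weights.h5 and model.keras are constructed for the demo.

```python
"""Pre-load scanner for Keras weight files (added example, not Keras code).
Flags HDF5 datasets that reach outside the file: virtual datasets (the
advisory's case), plus external storage and external links (this example's
own extension). Uses only the public h5py API."""
import os
import tempfile
import zipfile

import h5py
import numpy as np


def _scan_hdf5(path, label):
    """Return [(kind, dataset_path, referenced_file), ...] for one HDF5 file.
    Nothing that could open a foreign file is dereferenced during the walk."""
    findings = []

    def walk(group, prefix):
        for name in group.keys():
            full = f"{label}:{prefix}/{name}"
            # getlink=True returns the link object itself, so an ExternalLink
            # is inspected, never resolved.
            link = group.get(name, getlink=True)
            if isinstance(link, h5py.ExternalLink):
                findings.append(("external_link", full, link.filename))
                continue
            if isinstance(link, h5py.SoftLink):
                continue  # a soft link can only point inside this file
            obj = group[name]
            if isinstance(obj, h5py.Group):
                walk(obj, f"{prefix}/{name}")
            elif isinstance(obj, h5py.Dataset):
                if obj.is_virtual:  # the property the advisory says went unchecked
                    for src in obj.virtual_sources():
                        fname = src.file_name
                        if isinstance(fname, bytes):
                            fname = fname.decode()
                        findings.append(("virtual_dataset", full, fname))
                elif getattr(obj, "external", None):
                    for ext_name, _offset, _size in obj.external:
                        findings.append(("external_storage", full, ext_name))

    with h5py.File(path, "r") as f:
        walk(f, "")
    return findings


def scan_model_file(path):
    """Scan a .h5 weights file or a .keras zip archive. Empty list means no
    dataset points outside the file."""
    if not zipfile.is_zipfile(path):
        return _scan_hdf5(path, os.path.basename(path))
    findings = []
    # ZipFile.extract() strips '..' and leading '/' from member names, so the
    # archive cannot write outside the temporary directory.
    with zipfile.ZipFile(path) as zf, tempfile.TemporaryDirectory() as tmp:
        for member in zf.namelist():
            if member.endswith(".h5"):
                findings.extend(_scan_hdf5(zf.extract(member, tmp), member))
    return findings


def build_demo_files(directory=None):
    """Construct (demo data, not a real sample) a 'secret' HDF5 file, a weights
    file whose dataset is a VDS pointing at it, and a .keras zip wrapping the
    weights file. Returns (secret_path, weights_path, archive_path)."""
    directory = directory or tempfile.mkdtemp()
    secret = os.path.join(directory, "secret.h5")
    weights = os.path.join(directory, "model.weights.h5")
    archive = os.path.join(directory, "model.keras")
    with h5py.File(secret, "w") as f:
        f.create_dataset("token", data=np.arange(10, dtype="int64"))
    layout = h5py.VirtualLayout(shape=(10,), dtype="int64")
    layout[0:10] = h5py.VirtualSource(secret, "token", shape=(10,))
    with h5py.File(weights, "w", libver="latest") as f:
        # Looks like an ordinary weight tensor to a loader that never checks is_virtual.
        f.require_group("layers/dense/vars").create_virtual_dataset("0", layout, fillvalue=-1)
    with zipfile.ZipFile(archive, "w") as zf:
        zf.write(weights, "model.weights.h5")
    return secret, weights, archive


def read_through_vds(weights_path):
    """What a naive loader gets back: the contents of the *other* file."""
    with h5py.File(weights_path, "r") as f:
        return f["layers/dense/vars/0"][:].tolist()


if __name__ == "__main__":
    secret, weights, archive = build_demo_files()
    print("naive read returns:", read_through_vds(weights))
    for finding in scan_model_file(archive):
        print(*finding)
```

Run scan_model_file() before handing a downloaded .keras or .h5 file to load_model() and refuse anything with a non-empty result; a legitimate weights file has no reason to contain a VDS or an external link.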

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2026-12480

Affected products

Keras-Team/Keras