Keras · Keras · CVE-2026-1462
**Name of the Vulnerable Software and Affected Versions**
keras version 3.13.0
**Description**
A flaw in the `TFSMLayer` class allows attacker-controlled TensorFlow SavedModels to be loaded during the deserialization of `.keras` models. This occurs even when `safe mode=True` is enabled, bypassing security guarantees and enabling arbitrary code execution during model inference under the victim's privileges. The issue is caused by the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and a lack of validation in the `from config()` function.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.