PT-2026-30018 · Kedro · Kedro

Highrashid Akanchwala

Published 2026-04-03 · Updated 2026-04-06

CVE-2026-35167

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Kedro versions prior to 1.3.0
Description: The get_versioned_path() method interpolates user-supplied version strings directly into filesystem paths without sanitization, so traversal sequences such as '../' escape the intended versioned dataset directory. The flaw is reachable through catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who controls the version string can force Kedro to load files from outside the intended directory, leading to unauthorized file reads, data poisoning, or cross-tenant data access.
Recommendations: Upgrade to Kedro 1.3.0 or later. Until the upgrade is in place, treat version strings that arrive from CLI arguments, configuration files or other external input as untrusted, and validate them before passing them to DataCatalog or the CLI: reject any value containing a '..' segment, a path separator, or an absolute path.
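The check the recommendation asks for, written as an added example for this page and not taken from Kedro's code: a validator for version strings, a naive path builder that mirrors the unsanitized interpolation the advisory describes, and a hardened builder that validates the input and then confirms the resolved path still sits inside the dataset's version directory. The <filepath>/<version>/<basename> layout, the allow-list pattern, and the sample paths are assumptions of the example.

```python
import posixpath
import re

# Allow-list for version strings. Kedro's generated versions are UTC
# timestamps such as "2026-04-03T12.00.00.000Z"; this pattern accepts
# those and similar tokens. It is this example's own choice, not Kedro's.
VERSION_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def naive_versioned_path(filepath: str, version: str) -> str:
    """Mirror the pre-1.3.0 behaviour the advisory describes: the version
    string is dropped straight into the path with no checks.
    Layout assumed here: <filepath>/<version>/<basename>."""
    return posixpath.normpath(
        posixpath.join(filepath, version, posixpath.basename(filepath))
    )


def validate_version(version: str) -> str:
    """Return `version` unchanged if it is safe to use as a single path
    component; raise ValueError otherwise."""
    if not version:
        raise ValueError("empty version string")
    if posixpath.isabs(version) or re.match(r"^[A-Za-z]:", version):
        raise ValueError(f"absolute path not allowed: {version!r}")
    if "/" in version or "\\" in version:
        raise ValueError(f"path separator in version: {version!r}")
    if version in (".", ".."):
        raise ValueError(f"dot segment not allowed: {version!r}")
    # The allow-list also rejects NUL bytes, whitespace and other oddities.
    if not VERSION_RE.match(version):
        raise ValueError(f"characters outside the allow-list: {version!r}")
    return version


def is_contained(filepath: str, candidate: str) -> bool:
    """True if `candidate` lies strictly below `filepath` after normalisation."""
    base = posixpath.normpath(filepath)
    cand = posixpath.normpath(candidate)
    return cand.startswith(base.rstrip("/") + "/")


def safe_versioned_path(filepath: str, version: str) -> str:
    """Validate first, then build, then re-check containment so a future
    change to either step cannot silently reopen the traversal."""
    validate_version(version)
    path = naive_versioned_path(filepath, version)
    if not is_contained(filepath, path):
        raise ValueError(f"resolved path {path!r} leaves {filepath!r}")
    return path


def rejects(version: str) -> bool:
    """Convenience for auditing a list of configured load_versions."""
    try:
        validate_version(version)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    BASE = "/srv/kedro/data/01_raw/companies.csv"  # constructed sample dataset path
    for v in ("2026-04-03T12.00.00.000Z", "../../../secrets", "/etc/passwd", "a/b"):
        print(f"{v!r:28} naive -> {naive_versioned_path(BASE, v)}")
        try:
            print(f"{'':28} safe  -> {safe_versioned_path(BASE, v)}")
        except ValueError as exc:
            print(f"{'':28} safe  -> rejected ({exc})")
```

Run stand-alone, the loop shows the advisory's CLI payload resolving to /srv/kedro/secrets/companies.csv through the naive builder while the hardened builder rejects it; the containment check is deliberately kept even though the validator alone would stop every sample here, because a validator tends to be loosened over time and the second check is cheap.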

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-35167
GHSA-6326-W46W-PPJW
PYSEC-2026-71

Affected Products

Kedro