PT-2026-32367 · Keras · Keras

Fabien Hertschuh · Published 2026-04-13 · Updated 2026-04-13 · CVE-2026-1462

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: keras version 3.13.0

Description: A flaw in the TFSMLayer class allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models. This occurs even when safe_mode=True is set, bypassing security guarantees and enabling arbitrary code execution during model inference under the victim's privileges. The issue is caused by the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and a lack of validation in the from_config() function.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
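
A pre-load check for the condition described above, as an added example that is not code from the Keras project or from this advisory: it inspects a `.keras` file without importing Keras and reports every `TFSMLayer` entry and the path it references. It assumes the file is a zip archive containing `config.json` with `class_name`/`config` entries; the function names and sample configs are constructed for illustration.

```python
import io
import json
import zipfile

# Layer class named in the advisory; it loads an external SavedModel by path.
FLAGGED_CLASSES = {"TFSMLayer"}

def find_flagged_layers(node, path="config"):
    """Walk a parsed model config and return one finding per flagged layer."""
    findings = []
    if isinstance(node, dict):
        name = node.get("class_name")
        if isinstance(name, str) and name in FLAGGED_CLASSES:
            cfg = node.get("config")
            cfg = cfg if isinstance(cfg, dict) else {}
            findings.append({"location": path, "class_name": name,
                             "filepath": cfg.get("filepath")})
        for key, value in node.items():
            findings.extend(find_flagged_layers(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings.extend(find_flagged_layers(value, f"{path}[{i}]"))
    return findings

def scan_keras_archive(source):
    """Inspect a .keras archive (path or file object) before any model load."""
    with zipfile.ZipFile(source) as archive:
        if "config.json" not in archive.namelist():
            raise ValueError("config.json missing: not a .keras archive")
        config = json.loads(archive.read("config.json"))
    return find_flagged_layers(config)

# Constructed sample layer configs (not taken from a real model file).
DENSE = {"module": "keras.layers", "class_name": "Dense", "config": {"units": 4}}
TFSM = {"module": "keras.layers", "class_name": "TFSMLayer",
        "config": {"filepath": "/constructed/path/saved_model",
                   "call_endpoint": "serve"}}

def build_sample(layers):
    """Build a minimal in-memory archive holding only config.json."""
    model = {"module": "keras", "class_name": "Sequential",
             "config": {"name": "sample", "layers": layers}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("config.json", json.dumps(model))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for finding in scan_keras_archive(build_sample([DENSE, TFSM])):
        print("refuse to load:", finding)
```

A non-empty result is a reason to reject or quarantine the file rather than pass it to the model loader, since the advisory states that `safe_mode=True` does not block this layer.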

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2026-1462
GHSA-4F3F-G24H-FR8M

Affected Products

Keras