CVE-2026-1669
HIGH
GHSA-3m4q-jmj6-r34q
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Description
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.
Analysis
Keras versions 3.0.0 through 3.13.1 are vulnerable to arbitrary file read through malicious .keras model files that abuse HDF5 external dataset references, enabling unauthenticated remote attackers to disclose sensitive local files. This high-severity vulnerability affects all supported platforms and currently has no available patch. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Keras 3.0.0-3.13.1 and identify which handle external model file uploads or accept models from untrusted sources. Within 7 days: Implement network segmentation to restrict model loading services from accessing sensitive file directories, and establish strict file upload validation requiring cryptographic signature verification of model files. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today