Skip to main content

CVE-2026-35171

CRITICAL
Code Injection (CWE-94)
2026-04-03 https://github.com/kedro-org/kedro GHSA-9cqf-439c-j96r
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Apr 03, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 03, 2026 - 04:00 vuln.today
CVE Published
Apr 03, 2026 - 03:48 nvd
CRITICAL 9.8

DescriptionGitHub Advisory

Impact

This is a critical Remote Code Execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input.

Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup.

---

Patches

The vulnerability is fixed by introducing validation that rejects the unsafe () factory key in logging configurations before passing them to dictConfig().

Fixed in
  • Kedro 1.3.0

Users should upgrade to this version as soon as possible.

---

Workarounds

If upgrading is not immediately possible:

  • Do not allow untrusted input to control the KEDRO_LOGGING_CONFIG environment variable
  • Restrict write access to logging configuration files
  • Avoid using externally supplied or dynamically generated logging configs
  • Manually validate logging YAML to ensure it does not contain the () key

These mitigations reduce risk but do not fully eliminate it.

AnalysisAI

Remote code execution in Kedro (all versions prior to 1.3.0) allows unauthenticated network attackers to execute arbitrary system commands during application startup by poisoning the KEDRO_LOGGING_CONFIG environment variable. The vulnerability stems from unsafe use of Python's logging.config.dictConfig() with the special '()' factory key that enables arbitrary callable instantiation. With CVSS 9.8 (critical severity, network-exploitable, no privileges required, low complexity), this represents a

Technical ContextAI

This vulnerability exploits a dangerous feature in Python's standard library logging configuration mechanism. The logging.config.dictConfig() function supports a special '()' key that dynamically instantiates arbitrary Python callables during configuration parsing. Kedro, a popular data pipeline framework (pkg:pip/kedro), reads logging configuration from a file path specified via the KEDRO_LOGGING_CONFIG environment variable without validating the configuration contents before passing to dictConfig(). An attacker who can control this environment variable or write to the referenced configuration file can inject a malicious logging configuration containing entries like '()': 'os.system' or '()': 'subprocess.Popen' with arbitrary command arguments. This triggers code execution during the logging subsystem initialization at application startup, before any application-level security controls are active. The root cause is CWE-94 (Improper Control of Generation of Code), specifically unsafe deserialization of configuration data that supports executable directives. This pattern has affected other Python frameworks and represents a broader ecosystem risk wherever dictConfig() processes untrusted input.

RemediationAI

Upgrade immediately to Kedro version 1.3.0 or later, which introduces validation to reject the unsafe '()' factory key in logging configurations before processing with dictConfig(). Organizations can install the patched version using pip: 'pip install --upgrade kedro>=1.3.0' and verify installation with 'pip show kedro'. For environments where immediate upgrading is not feasible, implement defense-in-depth mitigations: restrict write permissions on all logging configuration files to trusted system accounts only; prevent untrusted input from controlling the KEDRO_LOGGING_CONFIG environment variable through input validation, environment variable allowlisting in container orchestration, and least-privilege execution contexts; audit all existing logging configuration YAML files to ensure they do not contain the '()' key; and implement runtime monitoring for unexpected child processes spawned by Kedro applications. In containerized deployments, use read-only filesystems for configuration directories and explicitly set KEDRO_LOGGING_CONFIG to a known-safe path in the container image rather than accepting it from external sources. These workarounds reduce attack surface but do not provide complete protection-upgrading to the patched version remains the only definitive remediation. Consult the official GitHub advisory (https://github.com/kedro-org/kedro/security/advisories/GHSA-9cqf-439c-j96r) for additional vendor guidance and subscribe to Kedro security announcements for future updates.

Share

CVE-2026-35171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy