Keras Team Keras

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-1462 PyPI HIGH PATCH GHSA This Week

Remote code execution in Keras 3.13.0 allows unauthenticated attackers to execute arbitrary code by crafting malicious .keras model files that load attacker-controlled TensorFlow SavedModels during deserialization, bypassing safe_mode protections. Exploitation requires user interaction (victim must load the malicious model), but no authentication is required to deliver the payload. EPSS data not available; no public exploit code or active exploitation confirmed at time of analysis, but the technical barrier is low given the detailed vulnerability disclosure.

RCE Deserialization Keras Team Keras
NVD GitHub VulDB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2026-1462 PyPI
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Keras 3.13.0 allows unauthenticated attackers to execute arbitrary code by crafting malicious .keras model files that load attacker-controlled TensorFlow SavedModels during deserialization, bypassing safe_mode protections. Exploitation requires user interaction (victim must load the malicious model), but no authentication is required to deliver the payload. EPSS data not available; no public exploit code or active exploitation confirmed at time of analysis, but the technical barrier is low given the detailed vulnerability disclosure.

RCE Deserialization Keras Team Keras
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy