CVE-2026-1669

EPSS 0.27%
Veröffentlicht 11.02.2026 22:10:10
Zuletzt bearbeitet 26.02.2026 23:23:59
Quelle cve-coordination@google.com
CVE-Watchlists
Login
Unerledigt
Login

Arbitrary File Read in Keras via HDF5 External Datasets

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Keras ≫ Keras Version >= 3.0.0 <= 3.13.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.186

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@google.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://github.com/google/security-research/security/advisories

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1669

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1669

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1669

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1669