Arbitrary File Read Vulnerability in Keras by Keras Team
CVE-2026-12480
What is CVE-2026-12480?
Versions of Keras up to and including 3.13.2 are susceptible to an arbitrary file read vulnerability. This issue arises from an incomplete fix of a previous vulnerability, which fails to properly validate the dataset.is_virtual property within HDF5 datasets. As a result, an attacker can create a crafted .keras model archive or .h5 weights file that includes a Virtual Dataset (VDS), referencing external HDF5 files located on the victim's system. When a user loads the model using keras.models.load_model() or keras.saving.load_model(), the external file can be accessed without authorization, leading to a potential information disclosure risk. The vulnerability has been addressed in Keras versions 3.12.2 and 3.14.1.
Affected Version(s)
keras-team/keras < 3.12.2, 3.14.1
