Arbitrary File Read Vulnerability in Keras by Keras Team
CVE-2026-12480

5.5 MEDIUM

Key Information:

Vendor

Keras-team

CVE Published:
1 July 2026

What is CVE-2026-12480?

Keras versions up to and including 3.13.2 contain an arbitrary file read vulnerability. The issue stems from an incomplete fix for an earlier vulnerability: the loader does not fully validate the dataset.is_virtual property of HDF5 datasets. An attacker can therefore craft a .keras model archive or .h5 weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's system. When a user loads the model with keras.models.load_model() or keras.saving.load_model(), the referenced external file is read without authorization, which can disclose its contents. The vulnerability is fixed in Keras versions 3.12.2 and 3.14.1.
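Added example, not code from the advisory or the Keras project: a pre-load scanner built on h5py that walks a bare .h5 weights file, or every HDF5 member of a .keras archive, and reports Virtual Datasets and external links without dereferencing either, so a model that points at other files can be rejected before load_model() opens it. The function names and the constructed sample file (with /PLACEHOLDER/ targets) are this example's own assumptions.

```python
import io
import zipfile

HDF5_MAGIC = b"\x89HDF\r\n\x1a\n"  # HDF5 superblock signature

def scan_hdf5(fileobj_or_path):
    """Return (hdf5_path, kind, target) findings; never dereferences a link or VDS source."""
    import h5py  # lazy import: only the structural walk needs it
    findings = []
    def walk(group, prefix):
        for name in group:
            path = f"{prefix}/{name}"
            link = group.get(name, getlink=True)  # inspect the link object, do not follow it
            if isinstance(link, h5py.ExternalLink):
                findings.append((path, "external_link", f"{link.filename}:{link.path}"))
            elif isinstance(link, h5py.SoftLink):
                continue  # in-file alias; nothing outside this file is touched
            elif isinstance(obj := group[name], h5py.Group):
                walk(obj, path)
            elif isinstance(obj, h5py.Dataset) and obj.is_virtual:
                sources = sorted({src.file_name for src in obj.virtual_sources()})
                findings.append((path, "virtual_dataset", ";".join(sources)))

    with h5py.File(fileobj_or_path, "r") as f:
        walk(f, "")
    return findings

def scan_model_file(path):
    """Scan a bare .h5 weights file or a .keras zip archive (each HDF5 member in memory)."""
    if not zipfile.is_zipfile(path):
        return scan_hdf5(path)
    findings = []
    with zipfile.ZipFile(path) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            if not data.startswith(HDF5_MAGIC):  # judge by magic bytes, not extension
                continue
            for p, kind, target in scan_hdf5(io.BytesIO(data)):
                findings.append((f"{name}:{p}", kind, target))
    return findings

def build_demo_file(path):
    """Constructed sample (assumption): a VDS plus an external link with placeholder targets."""
    import h5py
    with h5py.File(path, "w") as f:
        f.create_dataset("kernel", data=[1.0, 2.0])  # ordinary dataset, not flagged
        layout = h5py.VirtualLayout(shape=(4,), dtype="f4")
        layout[0:4] = h5py.VirtualSource("/PLACEHOLDER/other.h5", "data", shape=(4,))
        f.create_virtual_dataset("bias", layout)
        f["extra"] = h5py.ExternalLink("/PLACEHOLDER/ext.h5", "/data")
```

A non-empty result from scan_model_file() is a reason to refuse the file; a clean result only says the HDF5 layer carries no cross-file references, not that the model is otherwise safe to deserialize.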

Affected Version(s)

keras-team/keras < 3.12.2, 3.14.1

References

CVSS V3.0

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
