Symlink Vulnerability in Keras Affecting Multiple Python Versions
CVE-2026-12482
3.1LOW
What is CVE-2026-12482?
A vulnerability in Keras version 3.12.0 allows attackers to create malicious tar archives that bypass filtering mechanisms in file_utils.py. This security flaw exists due to insufficient validation of symlink entries, enabling attackers to conduct file read, file overwrite, or directory escape attacks. This issue notably affects Python versions 3.10 and 3.11, where the lack of protective measures against tar path traversal could lead to significant security breaches.
Affected Version(s)
keras-team/keras <= unspecified
