Arbitrary Code Execution Vulnerability in Keras Package by Keras Team
CVE-2026-1462
8.8 HIGH
What is CVE-2026-1462?
A vulnerability in the TFSMLayer class of the keras package allows attacker-controlled TensorFlow SavedModels to be deserialized, even when safe_mode=True, leading to arbitrary code execution during model inference. This issue stems from the unconditional loading of external SavedModels, serialization of attacker-controlled paths, and inadequate validation in the from_config() method. Attackers can exploit this vulnerability to execute malicious code under the victim's privileges, undermining the security intended by the safe_mode setting.
Affected Version(s)
keras-team/keras < 3.13.2
