High severity · NVD Advisory · Published Feb 11, 2026 · Updated Feb 12, 2026
Arbitrary File Read in Keras via HDF5 External Datasets
CVE-2026-1669
Description
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keras (PyPI) | >= 3.13.0, < 3.13.2 | 3.13.2 |
| keras (PyPI) | >= 3.0.0, < 3.12.1 | 3.12.1 |
Affected products
- osv-coords (4 versions): pkg:apk/chainguard/tensorflow-cpu-jupyter, pkg:apk/chainguard/tensorflow-gpu-jupyter, pkg:apk/wolfi/tensorflow-cpu-jupyter, pkg:pypi/keras
- (no CPE) range: < 2.20.0-r11
- (no CPE) range: < 2.20.0-r10
- (no CPE) range: < 2.20.0-r11
- (no CPE) range: >= 3.13.0, < 3.13.2
- Google/Keras (v5) range: 3.0.0
References
- github.com/advisories/GHSA-3m4q-jmj6-r34q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-1669 (ghsa, ADVISORY)
- github.com/keras-team/keras/commit/8a37f9dadd8e23fa4ee3f537eeb6413e75d12553 (ghsa, WEB)
- github.com/keras-team/keras/pull/22057 (ghsa, WEB)
- github.com/keras-team/keras/releases/tag/v3.12.1 (ghsa, WEB)
- github.com/keras-team/keras/releases/tag/v3.13.2 (ghsa, WEB)
- github.com/keras-team/keras/security/advisories/GHSA-3m4q-jmj6-r34q (ghsa, WEB)
- github.com/google/security-research/security/advisories (mitre)