CVE-2026-3840
Description
Path traversal in Kedro 1.2.0 allows attackers to read arbitrary files via unsanitized version strings in dataset paths.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Kedro version 1.2.0, the _get_versioned_path() method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This allows an attacker to escape the intended versioned dataset directory. The issue is also reachable through the CLI via the --load-versions parameter, as _split_load_versions() in kedro/framework/cli/utils.py does not validate the version string. [1]
Exploitation
An attacker needs to provide a crafted version string, either programmatically via the API or through the CLI --load-versions parameter. No authentication is required if the CLI is exposed or if the API accepts user input. The attacker can use path traversal sequences (e.g., ../) to navigate outside the intended directory.
Impact
Successful exploitation leads to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers. [1]
Mitigation
As of the publication date, no fix has been released. Users should avoid passing untrusted version strings to Kedro's API or CLI. The vendor has not yet provided a patched version. [1]
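The following is an added example, not Kedro's own code and not taken from this advisory. It reproduces the shape of the flaw described above (a version string joined into a dataset path with no validation) and pairs it with the mitigation a maintainer or integrator would apply: an allowlist on the version string plus a containment check on the resolved path. The Kedro-style timestamp version format, the `<base>/<filename>/<version>/<filename>` layout and the sample paths are assumptions made for this example.

```python
import os
import re

# Assumption, not from the advisory: Kedro-style version strings are UTC
# timestamps such as "2026-06-12T10.30.00.123Z". Allowlist exactly that shape.
VERSION_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}\.\d{2}\.\d{2}\.\d{3}Z")


def versioned_path_unvalidated(base: str, filename: str, version: str) -> str:
    """Shape of the flaw the advisory describes: the version string is joined
    into the path without validation. The <base>/<filename>/<version>/<filename>
    layout is an assumption for this example."""
    return os.path.normpath(os.path.join(base, filename, version, filename))


def stays_within(base: str, candidate: str) -> bool:
    """Containment check: True only if the normalised candidate lies under base."""
    base_n = os.path.normpath(base)
    cand_n = os.path.normpath(candidate)
    return os.path.commonpath([base_n, cand_n]) == base_n


def is_valid_version(version: str) -> bool:
    """Allowlist check: rejects path separators, parent references and anything
    that is not a timestamp of the assumed shape."""
    return VERSION_RE.fullmatch(version) is not None


def versioned_path_validated(base: str, filename: str, version: str) -> str:
    """Hardened variant: reject the version before it touches the path, then
    re-check containment of the resolved path as defence in depth."""
    if not is_valid_version(version):
        raise ValueError(f"invalid version string: {version!r}")
    path = versioned_path_unvalidated(base, filename, version)
    if not stays_within(base, path):
        raise ValueError("resolved path escapes the dataset directory")
    return path
```

The same containment check can be applied independently of the allowlist when a caller accepts version strings from the CLI, so that a value which passes the regex but is later joined differently is still caught.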
AI Insight generated on Jun 12, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.