CVE-2026-1669
PUBLISHED
CVSS 7.1 HIGH
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.
EPSS 0.01% · 2.9th percentile
Risk Scores
- CVSS v4.0: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N)
- EPSS Score: 0.01% (2.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| keras | keras | 3.0.0, 3.0.0 |
| Keras | 3.0.0, 3.0.0 | |
| PyPI | keras | 3.13.0, 3.0.0, 3.13.0 |
Timeline
- Feb 11, 2026 CVE Published
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 CVE Updated
- Feb 18, 2026 EPSS Score
- Feb 18, 2026 PoC Published
- Feb 18, 2026 PoC Published
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
References
- https://github.com/google/security-research/security/advisories url
- https://github.com/keras-team/keras/security/advisories/GHSA-3m4q-jmj6-r34q url
- https://nvd.nist.gov/vuln/detail/CVE-2026-1669 advisory
- https://github.com/keras-team/keras/pull/22057 url
- https://github.com/keras-team/keras/commit/8a37f9dadd8e23fa4ee3f537eeb6413e75d12553 url
- https://github.com/keras-team/keras package
- https://github.com/keras-team/keras/releases/tag/v3.12.1 url
- https://github.com/keras-team/keras/releases/tag/v3.13.2 url
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465 advisory
…and 6 more