CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Exploitability : 1.8 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743
https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743

Configurations

No configuration.

History

22 Jun 2026, 18:16

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743 -~~	() https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743 -

22 Jun 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-22 16:16

Updated : 2026-06-22 19:49

NVD link : CVE-2026-12479

Mitre link : CVE-2026-12479

CVE.ORG link : CVE-2026-12479

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-12479", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-12479", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T16:29:31.140873Z"}}], "cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.8}]}, "affected": [{"source": "security@huntr.dev", "affectedData": [{"vendor": "keras-team", "product": "keras-team/keras", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}]}], "published": "2026-06-22T16:16:33.953", "references": [{"url": "https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743", "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations."}], "lastModified": "2026-06-22T19:49:09.490", "sourceIdentifier": "security@huntr.dev"}