CVE-2026-1669

CWE-73 CWE-200 — Information Exposure9 documents7 sources

Severity

7.1HIGH

EPSS

0.0%

top 97.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Keras Keras Keras

Timeline

PublishedFeb 11

Latest updateFeb 18

Description

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶PyPIkeras3.13.0 — 3.13.2+2

▶CVEListV5google/keras3.0.0 — 3.13.1

▶NVDkeras/keras3.0.0 — 3.13.1

🔴Vulnerability Details

GHSA

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading↗2026-02-18

▶

OSV

Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading↗2026-02-18

▶

OSV

Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)↗2026-02-12

▶

OSV

CVE-2026-1669: Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3↗2026-02-11

▶

CVEList

Arbitrary File Read in Keras via HDF5 External Datasets↗2026-02-11

▶

📋Vendor Advisories

Red Hat

keras: Keras: Information disclosure via arbitrary file read in model loading mechanism↗2026-02-11

▶

Debian

CVE-2026-1669: keras - Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras v...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1669 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶