{"api_version":"1","generated_at":"2026-06-22T19:29:55+00:00","cve":"CVE-2026-12479","urls":{"html":"https://cve.report/CVE-2026-12479","api":"https://cve.report/api/cve/CVE-2026-12479.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-12479","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-12479"},"summary":{"title":"Path Traversal in keras-team/keras","description":"A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations.","state":"PUBLISHED","assigner":"@huntr_ai","published_at":"2026-06-22 16:16:33","updated_at":"2026-06-22 18:16:32"},"problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"3.0","source":"security@huntr.dev","type":"Secondary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.0"}}],"references":[{"url":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743","name":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-12479","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12479","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"keras-team","product":"keras-team/keras","version":"affected unspecified latest custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-12479","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-22T16:29:31.140873Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-22T16:29:55.106Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"keras-team/keras","vendor":"keras-team","versions":[{"lessThanOrEqual":"latest","status":"affected","version":"unspecified","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-22T15:21:19.645Z","orgId":"c09c270a-b464-47c1-9133-acb35b22c19a","shortName":"@huntr_ai"},"references":[{"url":"https://huntr.com/bounties/188836b9-12fc-49c7-8dbf-04f60fe33743"}],"source":{"advisory":"188836b9-12fc-49c7-8dbf-04f60fe33743","discovery":"EXTERNAL"},"title":"Path Traversal in keras-team/keras"}},"cveMetadata":{"assignerOrgId":"c09c270a-b464-47c1-9133-acb35b22c19a","assignerShortName":"@huntr_ai","cveId":"CVE-2026-12479","datePublished":"2026-06-22T15:21:19.645Z","dateReserved":"2026-06-17T00:28:44.653Z","dateUpdated":"2026-06-22T16:29:55.106Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-22 16:16:33","lastModifiedDate":"2026-06-22 18:16:32","problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:29:31.140873Z","id":"CVE-2026-12479","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"12479","Ordinal":"1","Title":"Path Traversal in keras-team/keras","CVE":"CVE-2026-12479","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"12479","Ordinal":"1","NoteData":"A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the `DiskIOStore.make` method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths without sanitizing for parent directory components (`..`). While forward slashes (`/`) are restricted in layer names, directory traversal sequences are not. This allows an attacker to craft a malicious Keras model that, when saved or loaded, can escape the intended temporary working directory and perform unauthorized file system operations, such as creating directories or writing files in arbitrary locations.","Type":"Description","Title":"Path Traversal in keras-team/keras"}]}}}