PatchSiren

CVE-2026-11816 keras-team CVE debrief

A path traversal vulnerability was discovered in the archive extraction utilities of Keras, specifically in the `filter_safe_tarinfos()` and `filter_safe_zipinfos()` functions located in `keras/src/utils/file_utils.py`. These functions validate archive member paths against the process's current working directory (CWD) instead of the actual extraction destination. This can be exploited when the process runs with the CWD set to `/`, a common scenario in Docker containers, CI/CD runners, and Jupyter environments, effectively making the validation boundary the filesystem root. Consequently, traversal paths can bypass the security check. Additionally, there's a bug in the zip filter that causes an `AttributeError` when encountering a blocked entry, leading to incomplete extraction. Python 3.11 installations are particularly vulnerable as they lack the `filter='data'` safety net, making them entirely dependent on the flawed CWD-based filter. Successful exploitation can lead to arbitrary file writes outside the intended extraction directory, enabling attackers to overwrite configuration files, inject malicious code, or corrupt machine learning datasets and pipelines.

Vendor: keras-team
Product: keras-team/keras
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-11
Advisory published: 2026-06-11
Advisory updated: 2026-06-11

Who should care

Users of Keras versions prior to 3.14.0, especially those running in environments like Docker containers, CI/CD runners, or Jupyter environments, should be aware of this vulnerability and take steps to mitigate it.

Technical summary

The vulnerability is caused by insecure path validation in `filter_safe_tarinfos()` and `filter_safe_zipinfos()`. Both functions check archive member paths against the process's current working directory rather than the extraction destination, so a member path that resolves outside the destination but inside the CWD passes the filter, which allows path traversal.
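The difference between the two validation boundaries can be shown without extracting anything. The following is an added example, not Keras code: the function names, the destination path and the member names are constructed for illustration, and the CWD is passed in as a parameter instead of being read from the process.

```python
import os

def resolves_inside(base, member_name):
    """True if member_name, joined onto base, resolves to a path under base."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, member_name))
    return os.path.commonpath([base, target]) == base

def cwd_boundary_ok(member_name, cwd):
    """Model of the flawed check: the boundary is the working directory."""
    return resolves_inside(cwd, member_name)

def dest_boundary_ok(member_name, dest):
    """Model of the corrected check: the boundary is the extraction directory."""
    return resolves_inside(dest, member_name)

def bypasses(member_names, dest, cwd):
    """Members the CWD-based check accepts although they land outside dest."""
    return [n for n in member_names
            if cwd_boundary_ok(n, cwd) and not dest_boundary_ok(n, dest)]

# Constructed sample data, not taken from a real archive.
DEST = "/srv/extract/dataset"
MEMBERS = ["data/train.csv", "../outside.txt",
           "../../etc/example.conf", "/etc/example.conf"]

if __name__ == "__main__":
    # With cwd="/" every traversal entry passes the CWD check;
    # when the boundary equals the destination, none do.
    for cwd in ("/", DEST):
        print(f"cwd={cwd!r}: accepted but outside dest -> "
              f"{bypasses(MEMBERS, DEST, cwd)}")
```

Running the same comparison over the member list of an archive before extraction gives a quick audit of whether a pipeline that runs with CWD `/` would have accepted entries outside its destination.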

Defensive priority

High

Recommended defensive actions

  • Upgrade to Keras version 3.14.0 or later.
  • Ensure that the CWD is set deliberately and validated before running the archive extraction utilities; a CWD of `/` makes the filesystem root the validation boundary.
  • Use additional security measures, such as running the extraction utilities in a sandboxed environment.

Evidence notes

The vulnerability was reported by security researchers at Huntr. The CVE record and NVD details provide additional information on the vulnerability.
