CVE-2026-12479 keras-team CVE debrief

Who should care

Developers and users of the keras-team/keras library, version 3.14.0, should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes ensuring that the library is updated to a patched version and validating user-provided input to prevent path traversal attacks. Additionally, users of Keras should be cautious when loading or saving models from untrusted sources.

Technical summary

The path traversal vulnerability in keras-team/keras arises from the improper handling of user-provided layer names in the `DiskIOStore.make` method. While forward slashes are restricted in layer names, directory traversal sequences are not, allowing attackers to craft malicious models that can escape the intended temporary working directory. The vulnerability has a CVSS vector of CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The CWE associated with this vulnerability is CWE-22.

Defensive priority

High priority should be given to updating the keras-team/keras library to a patched version. Additionally, defenders should validate user-provided input and implement compensating controls to prevent path traversal attacks.

Recommended defensive actions

• Update the keras-team/keras library to a patched version.
• Validate user-provided input to prevent path traversal attacks.
• Implement compensating controls to detect and prevent unauthorized file system operations.
• Monitor for suspicious activity and implement exception tracking.
• Perform regular inventory checks to ensure that all instances of the keras-team/keras library are updated and patched.

Evidence notes

The evidence for this CVE comes from the NVD and Huntr sources. The NVD provides official vulnerability database information, while Huntr provides additional details on the vulnerability. The CVE was published on June 22, 2026, and modified on June 22, 2026.

Official resources