PatchSiren cyber security CVE debrief
CVE-2026-12482 keras-team CVE debrief
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the `filter_safe_tarinfos` validation in `keras/src/utils/file_utils.py`. Specifically, symlink entries are not subjected to the same `is_path_in_dir` validation as regular file entries, allowing symlinks to be created outside the intended extraction directory. This can lead to symlink-based file read, file overwrite, or directory escape attacks. The issue is particularly impactful on Python 3.10 and 3.11, where `filter_safe_tarinfos` is the sole defense against tar path traversal. Users of keras-team/keras version 3.12.0 should be aware of this vulnerability and take steps to mitigate it by updating to a patched version or applying compensating controls.
- Vendor
- keras-team
- Product
- keras-team/keras
- CVSS
- LOW 3.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-14
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-07-14
- Advisory updated
- 2026-07-14
Who should care
Users of keras-team/keras version 3.12.0, particularly those using Python 3.10 and 3.11, should be aware of this vulnerability and take steps to mitigate it. This includes updating to a patched version of keras-team/keras, using caution when extracting tar archives from untrusted sources, and monitoring for suspicious activity. Additionally, operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and assess their exposure to this vulnerability.
Technical summary
The vulnerability in keras-team/keras version 3.12.0 arises from the incomplete validation of symlink entries in tar archives. Unlike regular file entries, symlinks are not properly checked against the intended extraction directory, allowing attackers to create symlinks outside this directory. This can lead to various attacks, including unauthorized file access, modification, or directory traversal. The vulnerability is especially concerning for Python 3.10 and 3.11 users, as `filter_safe_tarinfos` is their primary defense against such attacks. To address this, users should update to a patched version of keras-team/keras and exercise caution when extracting tar archives from untrusted sources.
Defensive priority
Low
Recommended defensive actions
- Update to a patched version of keras-team/keras
- Use caution when extracting tar archives from untrusted sources
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability is particularly impactful on Python 3.10 and 3.11, where `filter_safe_tarinfos` is the sole defense against tar path traversal. This limitation in `filter_safe_tarinfos` can be exploited by attackers to bypass intended directory protections. Evidence from the CVE record and NVD detail suggests that this vulnerability allows for symlink-based attacks, potentially leading to unauthorized file access or modification. To verify and mitigate this vulnerability, defenders should review the official advisory, assess their exposure, and apply patches or compensating controls as necessary.
Official resources
-
CVE-2026-12482 CVE record
CVE.org
-
CVE-2026-12482 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-14T06:16:59.527Z and has not been modified since then.