HIGH
kedro-org
CVE published 2026-06-12
CVE-2026-3840
A high-severity path traversal vulnerability exists in Kedro version 1.2.0. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization, allowing an attacker to escape the intended versioned dataset directory and access files outside the expected path. This issue is also reachable through the CLI via the `--load-ve [truncated]
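
The unsanitized join described above, next to a hardened variant, as an added example that is not Kedro's source or part of the advisory. The function names, the `base / version / base.name` layout and the sample paths used with it are assumptions made for illustration.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafeVersionError(ValueError):
    """Raised when a version string would leave the dataset directory."""


def naive_versioned_path(filepath: str, version: str) -> Path:
    # Sketch of the pattern the advisory describes: the version string is
    # joined into the path with no checks (assumed layout, not Kedro's code).
    base = Path(filepath)
    return base / version / base.name


def is_single_component(version: str) -> bool:
    # Reject empty strings, NUL bytes and dot segments.
    if not version or "\x00" in version or version in {".", ".."}:
        return False
    # Reject separators of either OS so the check is platform independent.
    if "/" in version or "\\" in version:
        return False
    # A drive or root prefix (e.g. "C:") would replace the base when joined.
    return not PureWindowsPath(version).anchor and not PurePosixPath(version).anchor


def safe_versioned_path(filepath: str, version: str) -> Path:
    if not is_single_component(version):
        raise UnsafeVersionError(f"invalid version string: {version!r}")
    base = Path(filepath).resolve()
    candidate = (base / version / base.name).resolve()
    # Defence in depth: after resolving symlinks the result must stay under base.
    if not candidate.is_relative_to(base):
        raise UnsafeVersionError(f"version escapes dataset directory: {version!r}")
    return candidate


def escapes(filepath: str, version: str) -> bool:
    """True if the naive join resolves outside the dataset directory."""
    base = Path(filepath).resolve()
    return not naive_versioned_path(filepath, version).resolve().is_relative_to(base)
```

The same validation belongs at every entry point that accepts a version string, so that programmatic and command-line callers go through one check.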