HIGH
keras-team
CVE published 2026-06-11
CVE-2026-11816
A path traversal vulnerability was discovered in the archive extraction utilities of Keras, specifically in the `filter_safe_tarinfos()` and `filter_safe_zipinfos()` functions located in `keras/src/utils/file_utils.py`. These functions validate archive member paths against the process's current working directory (CWD) instead of the actual extraction destination. This can be exploited when the process run [truncated]
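A member check anchored to the extraction destination rather than the CWD, as an added example (not Keras code): `safe_members`, `build_sample` and the archive contents are constructed for illustration.

```python
import io
import os
import tarfile


def _inside(base, path):
    """True if path, with symlinks resolved, is base or lies beneath it."""
    base, path = os.path.realpath(base), os.path.realpath(path)
    return os.path.commonpath([base, path]) == base


def safe_members(tar, dest):
    """Return the members that stay under dest when extracted there.

    Every path is resolved against dest, the directory the files will be
    written to, never against the process's current working directory.
    """
    dest = os.path.realpath(dest)
    kept = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)  # an absolute name replaces dest here
        if not _inside(dest, target):
            continue
        if m.issym():  # symlink targets are relative to the link's directory
            link = os.path.join(os.path.dirname(target), m.linkname)
        elif m.islnk():  # hard-link targets are relative to the archive root
            link = os.path.join(dest, m.linkname)
        else:
            link = target
        if _inside(dest, link):
            kept.append(m)
    return kept


def build_sample():
    """Constructed in-memory archive: one benign member, three escaping ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("model/weights.bin", "../escape.txt", "/abs/escape.txt"):
            info = tarfile.TarInfo(name)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
        link = tarfile.TarInfo("model/latest")
        link.type, link.linkname = tarfile.SYMTYPE, "../../outside"
        tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

Extraction would then pass the filtered list to the same destination, for example `tar.extractall(dest, members=safe_members(tar, dest))`, so the directory that is checked and the directory that is written to cannot diverge.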