CVE-2026-1669— Arbitrary File Read in Keras via HDF5 External Datasets
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1669
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Read in Keras via HDF5 External Datasets
Source: NVD (National Vulnerability Database)
Vulnerability Description
Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Keras 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Keras是Keras开源的一个多后端深度学习框架。 Keras 3.13.1及之前版本存在安全漏洞,该漏洞源于模型加载机制(HDF5集成)存在缺陷,可能导致远程攻击者通过特制.keras模型文件读取本地文件并泄露敏感信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-1669
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1669
请登录查看更多情报信息。
Same Patch Batch · Google · 2026-02-11 · 14 CVEs total
| CVE-2026-2323 | Google Chrome 安全漏洞 | |
| CVE-2026-2322 | Google Chrome 安全漏洞 | |
| CVE-2026-2320 | Google Chrome 安全漏洞 | |
| CVE-2026-2321 | Google Chrome 资源管理错误漏洞 | |
| CVE-2026-2318 | Google Chrome 安全漏洞 | |
| CVE-2026-2319 | Google Chrome 安全漏洞 | |
| CVE-2026-2317 | Google Chrome 安全漏洞 | |
| CVE-2026-2316 | Google Chrome 安全漏洞 | |
| CVE-2026-2315 | Google Chrome 安全漏洞 | |
| CVE-2026-2314 | Google Chrome 安全漏洞 | |
| CVE-2026-2313 | Google Chrome 资源管理错误漏洞 | |
| CVE-2025-12474 | libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handli | |
| CVE-2026-1837 | libjxl: Out-of-bounds write in grayscale color transformation when using LCMS2 |
IV. Related Vulnerabilities
Same product: Keras
- CVE-2026-0897
Denial of Service in Keras via Excessive Memory Allocation i - CVE-2025-12060
Keras keras.utils.get_file Utility Path Traversal Vulnerabil - CVE-2025-12058
Vulnerability in Keras Model.load_model Leading to Arbitrary - CVE-2025-49655
Keras 安全漏洞 - CVE-2025-9905
Arbitary Code execution in Keras load_model()
Same weakness: CWE-73
- CVE-2026-41693
i18next-fs-backend: Path traversal via unsanitised lng/ns al - CVE-2026-44127
Local File Inclusion (LFI) and Arbitrary File Deletion - CVE-2026-7633
Totolink N300RH cstecgi.cgi setUploadSetting file inclusion - CVE-2026-42424
OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Rep - CVE-2026-41177
Squidex has Blind SSRF via file:// Protocol in Restore API l
V. Comments for CVE-2026-1669
No comments yet