#VU125038 External Control of File Name or Path in Keras - CVE-2026-1669
Published: April 7, 2026
Vulnerability identifier: #VU125038
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-1669
CWE-ID: CWE-73
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Keras
Keras
Software vendor:
Keras
Keras
Description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to external control of file name or path in the Keras HDF5 weight loading functionality when processing an attacker-supplied HDF5 weights file or .keras archive. A remote attacker can supply a specially crafted weights file with HDF5 external storage or external links to disclose sensitive information.
User interaction is required to load the malicious weights file or model archive, and the target file must be readable by the process.
Remediation
Install security update from vendor's website.