{"id":"CVE-2026-1462","summary":"Safe Mode Bypass in keras-team/keras","details":"A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method.","aliases":["GHSA-4f3f-g24h-fr8m","PYSEC-2026-2547"],"modified":"2026-07-15T01:48:52.129804820Z","published":"2026-04-13T14:55:28.649Z","related":["CGA-f759-wgf5-qgq4"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1462.json","cna_assigner":"@huntr_ai","cwe_ids":["CWE-502"]},"references":[{"type":"WEB","url":"https://huntr.com/bounties/7e78d6f1-6977-4300-b595-e81bdbda331c"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1462.json"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:24977"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:37275"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-1462"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1462.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457856"},{"type":"FIX","url":"https://github.com/keras-team/keras/commit/b6773d3decaef1b05d8e794458e148cb362f163f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keras-team/keras","events":[{"introduced":"986ff971d98e216a89fba38d48a337ed09d6dc44"},{"fixed":"b6773d3decaef1b05d8e794458e148cb362f163f"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"cpe":"cpe:2.3:a:keras:keras:3.13.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.13.0"},{"last_affected":"3.13.0"}]}}],"versions":["3.13.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1462.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}