{"id":"CVE-2026-1669","details":"Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.","aliases":["GHSA-3m4q-jmj6-r34q"],"modified":"2026-03-13T04:01:53.685547Z","published":"2026-02-11T23:16:03.750Z","related":["CGA-r7jw-f2wf-fcg4"],"references":[{"type":"ADVISORY","url":"https://github.com/google/security-research/security/advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keras-team/keras","events":[{"introduced":"9c675a9a45e5e8244163fea82efc6066722608a1"},{"last_affected":"8914427b7fa9d90f3c476cb2ee65d55d4f808e65"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"last_affected":"3.13.1"}]}}],"versions":["v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.1.0","v3.1.1","v3.10.0","v3.11.0","v3.12.0","v3.13.0","v3.13.1","v3.2.0","v3.2.1","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.4.0","v3.4.1","v3.5.0","v3.6.0","v3.7.0","v3.8.0","v3.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1669.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}