{"id":"GHSA-6326-w46w-ppjw","summary":"Kedro: Path Traversal in versioned dataset loading via unsanitized version string","details":"### Impact\nThe `_get_versioned_path()` method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: `catalog.load(..., version=...)`, `DataCatalog.from_config(..., load_versions=...)`, and the CLI via `kedro run --load-versions=dataset:../../../secrets`. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments.\n\n### Patches\nYes. Fixed in kedro version 1.3.0. Users should upgrade to kedro \u003e= 1.3.0.\n\n### Workarounds\nValidate version strings before passing them to DataCatalog or the CLI, ensuring they do not contain `..` segments, path separators, or absolute paths.","aliases":["CVE-2026-35167"],"modified":"2026-04-06T23:50:38.899411Z","published":"2026-04-03T03:46:48Z","database_specific":{"cwe_ids":["CWE-22"],"severity":"HIGH","nvd_published_at":"2026-04-06T18:16:43Z","github_reviewed":true,"github_reviewed_at":"2026-04-03T03:46:48Z"},"references":[{"type":"WEB","url":"https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-35167"},{"type":"WEB","url":"https://github.com/kedro-org/kedro/pull/5442"},{"type":"PACKAGE","url":"https://github.com/kedro-org/kedro"}],"affected":[{"package":{"name":"kedro","ecosystem":"PyPI","purl":"pkg:pypi/kedro"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.14.0","0.14.1","0.14.2","0.14.3","0.15.0","0.15.1","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.15.7","0.15.8","0.15.9","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.16.5","0.16.6","0.17.0","0.17.1","0.17.2","0.17.3","0.17.4","0.17.5","0.17.6","0.17.7","0.18.0","0.18.1","0.18.10","0.18.11","0.18.12","0.18.13","0.18.14","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.8","0.18.9","0.19.0","0.19.1","0.19.10","0.19.11","0.19.12","0.19.13","0.19.14","0.19.15","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.7","0.19.8","0.19.9","1.0.0","1.0.0rc1","1.0.0rc2","1.0.0rc3","1.1.0","1.1.1","1.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-6326-w46w-ppjw/GHSA-6326-w46w-ppjw.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}]}