{"id":"PYSEC-2026-71","details":"Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.","aliases":["CVE-2026-35167","GHSA-6326-w46w-ppjw"],"modified":"2026-05-20T09:19:03.261500Z","published":"2026-04-06T18:16:43.217Z","references":[{"type":"ADVISORY","url":"https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw"},{"type":"REPORT","url":"https://github.com/kedro-org/kedro/pull/5442"}],"affected":[{"package":{"name":"kedro","ecosystem":"PyPI","purl":"pkg:pypi/kedro"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0"}]}],"versions":["0.14.0","0.14.1","0.14.2","0.14.3","0.15.0","0.15.1","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.15.7","0.15.8","0.15.9","0.16.0","0.16.1","0.16.2","0.16.3","0.16.4","0.16.5","0.16.6","0.17.0","0.17.1","0.17.2","0.17.3","0.17.4","0.17.5","0.17.6","0.17.7","0.18.0","0.18.1","0.18.10","0.18.11","0.18.12","0.18.13","0.18.14","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.18.8","0.18.9","0.19.0","0.19.1","0.19.10","0.19.11","0.19.12","0.19.13","0.19.14","0.19.15","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.7","0.19.8","0.19.9","1.0.0","1.0.0rc1","1.0.0rc2","1.0.0rc3","1.1.0","1.1.1","1.2.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/kedro/PYSEC-2026-71.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}