PYSEC-2026-369

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/keras/PYSEC-2026-369.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2026-369

Aliases

Published

2026-06-29T11:50:39.628931Z

Modified

2026-06-29T12:15:24.115704309Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Keras code injection vulnerability

Details

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.

References

Affected packages

PyPI / keras

Package

Name: keras; View open source insights on deps.dev
Purl: pkg:pypi/keras

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.1rc0

Affected versions

0.*

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0rc0

2.6.0rc0

2.6.0rc1

2.6.0rc2

2.6.0rc3

2.6.0

2.7.0rc0

2.7.0rc2

2.7.0

2.8.0rc0

2.8.0rc1

2.8.0

2.9.0rc0

2.9.0rc1

2.9.0rc2

2.9.0

2.10.0rc0

2.10.0rc1

2.10.0

2.11.0rc0

2.11.0rc1

2.11.0rc2

2.11.0rc3

2.11.0

2.12.0rc0

2.12.0rc1

2.12.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/keras/PYSEC-2026-369.yaml"