PYSEC-2026-71

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/kedro/PYSEC-2026-71.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-71
Aliases
Published
2026-04-06T18:16:43.217Z
Modified
2026-05-20T09:19:03.261500Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory. This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.fromconfig(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.

References

Affected packages

PyPI / kedro

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0

Affected versions

0.*
0.14.0
0.14.1
0.14.2
0.14.3
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.15.6
0.15.7
0.15.8
0.15.9
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.16.6
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.18.8
0.18.9
0.18.10
0.18.11
0.18.12
0.18.13
0.18.14
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.19.6
0.19.7
0.19.8
0.19.9
0.19.10
0.19.11
0.19.12
0.19.13
0.19.14
0.19.15
1.*
1.0.0rc1
1.0.0rc2
1.0.0rc3
1.0.0
1.1.0
1.1.1
1.2.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/kedro/PYSEC-2026-71.yaml"