UBUNTU-CVE-2026-12480

Source
https://ubuntu.com/security/CVE-2026-12480
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-12480.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-12480
Upstream
  • CVE-2026-12480
Published
2026-07-02T00:00:00Z
Modified
2026-07-02T18:00:46.152246096Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore._verify_dataset() and file_editor.py methods, which fail to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or .h5 weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's filesystem. When the victim loads the model using keras.models.load_model() or keras.saving.load_model(), the external file is transparently read, leading to potential information disclosure. Fixed in versions 3.12.2 and 3.14.1.

References

Affected packages

Ubuntu:18.04:LTS / keras

Package

Name
keras
Purl
pkg:deb/ubuntu/keras?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.7-2
2.*
2.1.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-keras",
            "binary_version": "2.1.1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-12480.json"

Ubuntu:20.04:LTS / keras

Package

Name
keras
Purl
pkg:deb/ubuntu/keras?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.2.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-keras",
            "binary_version": "2.2.4-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-12480.json"