CNNVD-202602-1795 Information
Feb 11, 2026
cve
CNNVD ID
CNNVD-202602-1795
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
Keras是Keras开源的一个多后端深度学习框架。 Keras 3.13.1及之前版本存在安全漏洞,该漏洞源于模型加载机制(HDF5集成)存在缺陷,可能导致远程攻击者通过特制.keras模型文件读取本地文件并泄露敏感信息。
Description (English)
Keras is a multi-back-end in-depth learning framework for Keras open sources. There is a security loophole in Keras 3.13.1 and earlier versions, which stems from deficiencies in the model loading mechanism (HDF5 integration), which may lead to remote assailants reading local documents and leaking sensitive information through specially designed .keras model files.
Vulnerability Type
其他
Affected Vendor
Keras
Published
2026-02-11
Last Modified
2026-02-24
References
https://github.com/google/security-research/security/advisories
Patch
https://keras.io/getting_started/
Share on: