{"data":{"id":"66f5a4fc-e3e8-4f6c-85c9-77bfc74e6ce7","title":"CVE-2026-12480: Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE","summary":"Keras versions up to 3.13.2 have a security flaw that lets attackers read files from your computer by hiding malicious instructions in model files. When you load a model using Keras functions like `keras.models.load_model()`, the vulnerability doesn't properly check if datasets are virtual (pointing to other files), so it automatically reads files an attacker specifies, potentially exposing sensitive data.","solution":"Fixed in versions 3.12.2 and 3.14.1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-12480","publishedAt":"2026-07-01T17:16:19.330Z","cveId":"CVE-2026-12480","cweIds":["CWE-73"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Keras"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-01T17:16:19.330Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}