CVE-2026-12480: Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE
Summary
Keras versions up to 3.13.2 have a security flaw that lets attackers read files from your computer by hiding malicious instructions in model files. When you load a model using Keras functions like `keras.models.load_model()`, the vulnerability doesn't properly check if datasets are virtual (pointing to other files), so it automatically reads files an attacker specifies, potentially exposing sensitive data.
Solution / Mitigation
Fixed in versions 3.12.2 and 3.14.1.
Vulnerability Details
EPSS: 0.0%
July 1, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-12480
First tracked: July 1, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 92%