Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.2 views

CVE-2026-35171

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS6.7AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/06 5:45 p.m.18 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS0.00202EPSS
Exploits0References1
CVE
CVEadded 2026/04/06 5:45 p.m.6 views

CVE-2026-35171

Kedro is affected by an RCE via unsafe use of logging.config.dictConfig() with user-controlled input. The vulnerability arises because Kedro can read a logging config path from the KEDRO_LOGGING_CONFIG environment variable and load it without validation, allowing the special () key to instantiate...

9.8CVSS6.7AI score0.00202EPSS
Exploits0References1Affected Software1
Snyk
Snykadded 2026/04/03 3:48 a.m.3 views

Deserialization of Untrusted Data

Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the logging.config.dictConfig function when user-controlled input is used for the logging configuration file path, whic...

9.8CVSS6.1AI score0.00202EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/04/03 3:48 a.m.5 views

Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Impact This is a critical remote code execution RCE vulnerability caused by unsafe use of logging.config.dictConfig with user-controlled input. Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging...

9.8CVSS6.7AI score0.00202EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/04/03 3:48 a.m.3 views

GHSA-9CQF-439C-J96R Kedro has Arbitrary Code Execution via Malicious Logging Configuration

Impact This is a critical remote code execution RCE vulnerability caused by unsafe use of logging.config.dictConfig with user-controlled input. Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging...

9.8CVSS6.7AI score0.00202EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/03 12:0 a.m.4 views

PT-2026-30019

Name of the Vulnerable Software and Affected Versions Kedro versions prior to 1.3.0 Description Kedro is susceptible to a critical Remote Code Execution RCE issue stemming from the unsafe utilization of logging.config.dictConfig with user-controlled input. The software permits setting the logging...

9.8CVSS6.2AI score0.00202EPSS
Exploits0References6
Rows per page
Query Builder