EUVD-2026-36497

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

CVE-2026-3840 Path Traversal in kedro-org/kedro

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

PT-2026-48927

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

Kedro 路径遍历漏洞

Kedro is an open-source production-ready data science toolkit developed by Kedro. Versions prior to Kedro 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from the getversionedpath method not clearing the version string provided by the user, allowing for path traversal a...

PT-2026-30018

Impact The get versioned path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended version...