Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/04/13 3:31 p.m.12 views

Keras has an untrusted deserialization vulnerability

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.7AI score0.00328EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/13 3:17 p.m.5 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS0.00328EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/04/13 3:17 p.m.17 views

CVE-2026-1462

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS7.6AI score0.00328EPSS
Exploits1References3
CVE
CVE
added 2026/04/13 2:55 p.m.24 views

CVE-2026-1462

The CVE-2026-1462 issue affects the keras package (v3.13.0) via the TFSMLayer deserialization path. The vulnerability allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe_mode is enabled, due to unconditional loading of external Sa...

8.8CVSS7.7AI score0.00328EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 2:55 p.m.11 views

CVE-2026-1462 Safe Mode Bypass in keras-team/keras

A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safemode=True. This bypasses the security guarantees of safemode and enables arbitrary attacker-controlled...

8.8CVSS6.3AI score0.00328EPSS
Exploits1References2
Rows per page
Query Builder