🟠 High | Source: Microsoft Security Response Center
CVE-2026-11816 is a path traversal vulnerability identified in keras-team/keras, a widely used open-source deep learning framework. Path traversal flaws allow attackers to read or write files outside intended directories, potentially exposing sensitive data or enabling code execution. This matters because Keras is commonly used in cloud-based ML pipelines and AI workloads, including those hosted on Azure.
Security Architect’s Take: Audit any Azure ML or cloud-based AI pipelines that incorporate Keras and apply vendor patches or mitigations immediately; additionally, enforce least-privilege file system access controls around any services loading or saving Keras model files to limit the blast radius of exploitation.
Original advisory: CVE-2026-11816 Path Traversal in keras-team/keras