🟠 High | Source: Microsoft Security Response Center
A vulnerability in the Keras deep learning library (CVE-2026-12480) allows an attacker to bypass virtual dataset protections in the HDF5 file format, enabling arbitrary file reads on the host system. This could expose sensitive data, configuration files, or credentials on systems where Keras is used to load untrusted model files. It is particularly relevant to cloud-based ML training and inference environments where user-supplied or third-party model files are processed.
Security Architect’s Take: Audit any Azure ML or cloud-hosted Keras workloads that load HDF5 model files from untrusted or external sources, and enforce strict input validation or sandboxing around model ingestion pipelines. Apply the patched Keras version as soon as it is available, and consider restricting file system permissions for processes handling model files in the interim.
Original advisory: CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras