CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-12480

mediumCVSS 5.5covered by 2 sourcesfirst seen 2026-07-01
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore._verify_dataset() and file_editor.py methods, which fail to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or .h5 weights file containing a Virtual Dataset (VDS) that references external HDF5 files on the victim's filesystem. When the victim loads the model using keras.models.load_model() or keras.saving.load_model(), the external file is transparently read, leading to potential information disclosure. Fixed in versions 3.12.2 and 3.14.1.

CSIRTS triage

What
An arbitrary HDF5 file read vulnerability via virtual dataset bypass has been identified.
Who is affected
Users of keras are affected.
Urgency
Remediation is medium priority due to moderate severity.
Action
Review and apply relevant updates when available.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-12480

Get an email if CVE-2026-12480 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-12480

CVE.org record

Embed the live status

CVE-2026-12480 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-12480 status](https://www.csirts.com/badge/CVE-2026-12480)](https://www.csirts.com/cve/CVE-2026-12480)