GHSA-gfmx-qqqh-f38q: Duplicate Advisory: Keras vulnerable to arbitrary file read in the model loading mechanism (HDF5 integration)

February 12, 2026 (updated February 18, 2026)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-3m4q-jmj6-r34q. This link is maintained to preserve external references.

Original Description

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras model file utilizing HDF5 external dataset references.

References

github.com/advisories/GHSA-gfmx-qqqh-f38q
github.com/google/security-research/security/advisories
github.com/keras-team/keras
nvd.nist.gov/vuln/detail/CVE-2026-1669

Code Behaviors & Features

Detect and mitigate GHSA-gfmx-qqqh-f38q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →