7.1
Kedro: Malicious File Access Through Version String
GHSA-6326-w46w-ppjw
CVE-2026-35167
Summary
A security risk exists in Kedro's file loading feature. An attacker could use a specially crafted version string to access files outside the intended directory, potentially leading to unauthorized data access or tampering. To fix this, update Kedro to version 1.3.0 or later, or validate version strings to reject malicious input.
What to do
- Update kedro to version 1.3.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | kedro | <= 1.3.0 | 1.3.0 |
Original title
Kedro: Path Traversal in versioned dataset loading via unsanitized version string
Original description
### Impact
The `_get_versioned_path()` method in `kedro/io/core.py` constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as `../` are preserved and can escape the intended versioned dataset directory.
This is reachable through multiple entry points: `catalog.load(..., version=...)`, `DataCatalog.from_config(..., load_versions=...)`, and the CLI via `kedro run --load-versions=dataset:../../../secrets`. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments.
### Patches
Yes. Fixed in kedro version 1.3.0. Users should upgrade to kedro >= 1.3.0.
### Workarounds
Validate version strings before passing them to DataCatalog or the CLI, ensuring they do not contain `..` segments, path separators, or absolute paths.
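The following is an added example of the workaround above, not Kedro's own code: it validates a version string before it reaches `DataCatalog` or the CLI, filters a `load_versions` mapping, and double-checks that the resulting path stays inside the dataset directory. The accepted character set is an assumption chosen to cover Kedro's default timestamp-style versions (e.g. `2026-04-03T10.22.11.123Z`) and simple alphanumeric tags.

```python
import os
import re

# Assumed allow-list: timestamp-style versions and plain tags, nothing with
# path meaning (no "/", "\", ":", NUL, leading dot).
_SAFE_VERSION = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def is_safe_version(version: str) -> bool:
    """Return True only if `version` can serve as a single path component."""
    if not version or len(version) > 255:
        return False
    # Reject separators and NUL bytes outright (both POSIX and Windows forms).
    if "/" in version or "\\" in version or "\x00" in version:
        return False
    # Reject "." / ".." and, conservatively, any ".." substring at all.
    if version in (".", "..") or ".." in version:
        return False
    # Reject absolute paths on either platform convention.
    if os.path.isabs(version) or version[:1] in ("/", "\\"):
        return False
    return _SAFE_VERSION.fullmatch(version) is not None


def reject_unsafe_load_versions(load_versions: dict) -> dict:
    """Return the {dataset: version} entries that must not reach DataCatalog."""
    return {name: v for name, v in load_versions.items() if not is_safe_version(v)}


def safe_versioned_path(base_dir: str, version: str, filename: str) -> str:
    """Build <base_dir>/<version>/<filename>; refuse anything that escapes base_dir."""
    if not is_safe_version(version):
        raise ValueError(f"unsafe version string: {version!r}")
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, version, filename))
    # Defence in depth: even a "valid" component must resolve under base.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"version path escapes dataset directory: {candidate!r}")
    return candidate


if __name__ == "__main__":
    # Constructed sample mapping, as it might come from --load-versions.
    requested = {"cars": "2026-04-03T10.22.11.123Z", "secrets": "../../../secrets"}
    bad = reject_unsafe_load_versions(requested)
    if bad:
        raise SystemExit(f"refusing to load: {bad}")
    print(safe_versioned_path("/data/cars.csv", requested["cars"], "cars.csv"))
```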
CVSS 3.1 (GHSA): 7.1
Vulnerability type: CWE-22 (Path Traversal)
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026