keras-hub is vulnerable to Improper Input Validation
70
High Risk
Affected versions of this package contain a safe-mode bypass in its tokenizer implementations (BytePairTokenizer, WordPieceTokenizer and SentencePieceTokenizer) that allows arbitrary file reads even when safe_mode=True. An attacker who controls the tokenizer configuration, the model artifacts or the input paths can force the tokenizer to load vocabulary or proto files from unintended external locations, giving unauthorized read access to sensitive files (credentials, system configuration, secrets). The result is credential exfiltration or data leakage, in particular in AI supply-chain or model-loading workflows where untrusted artifacts are processed.
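The defect class above is a path-confinement failure in an artifact loader: a path read from an untrusted model artifact is handed to the file system without checking where it ends up. The following is an added example, not keras-hub's own code and not its patch; it shows the guard a loader should apply before opening a vocabulary or proto file, and a constructed artifact directory that exercises the three escape routes (absolute path, `..` traversal, and a symlink planted inside the artifact). The `safe_mode` parameter and the function names are assumptions made for illustration, not keras-hub's API.

```python
"""Confine tokenizer asset paths to the model artifact directory.

Illustrative guard (not keras-hub code): in safe mode, the vocabulary or
proto path named in an artifact must resolve to a regular file inside the
artifact directory, or it is refused.
"""
import tempfile
from pathlib import Path


class UnsafeArtifactPath(ValueError):
    """The requested vocabulary/proto path escapes the artifact directory."""


def resolve_confined(artifact_dir, asset_path):
    """Return asset_path resolved under artifact_dir, or raise UnsafeArtifactPath.

    resolve() follows symlinks, so the check is made on the final real path:
    absolute paths, '..' traversal and symlinks pointing outside all fail.
    """
    root = Path(artifact_dir).resolve(strict=True)
    candidate = Path(asset_path)
    if candidate.is_absolute():
        raise UnsafeArtifactPath(f"absolute path rejected: {asset_path}")
    real = (root / candidate).resolve()
    if real != root and root not in real.parents:
        raise UnsafeArtifactPath(f"{asset_path} resolves to {real}, outside {root}")
    if not real.is_file():
        raise UnsafeArtifactPath(f"{asset_path} is not a regular file inside {root}")
    return real


def read_tokenizer_asset(artifact_dir, asset_path, safe_mode=True):
    """Read a vocabulary/proto file; safe_mode=True (assumed flag) enforces confinement."""
    if safe_mode:
        real = resolve_confined(artifact_dir, asset_path)
    else:
        real = Path(artifact_dir) / asset_path  # unconfined: the vulnerable behaviour
    return real.read_bytes()


def demo():
    """Constructed artifact: one real vocab plus three hostile asset paths.

    Returns (results, leaked): results maps each case to the decoded file
    content or "rejected"; leaked is what safe_mode=False hands an attacker.
    """
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as art:
        secret = Path(outside) / "credentials.json"  # constructed sensitive file
        secret.write_text('{"token": "constructed-secret"}')
        artifact = Path(art)
        (artifact / "assets").mkdir()
        (artifact / "assets" / "vocab.txt").write_text("[PAD]\n[UNK]\nhello\n")
        # attacker-supplied artifact content: a symlink named like a proto file
        (artifact / "assets" / "spm.model").symlink_to(secret)

        cases = {
            "vocab": "assets/vocab.txt",
            "symlink": "assets/spm.model",
            "traversal": "../" + Path(outside).name + "/credentials.json",
            "absolute": str(secret),
        }
        results = {}
        for label, path in cases.items():
            try:
                results[label] = read_tokenizer_asset(artifact, path).decode()
            except UnsafeArtifactPath:
                results[label] = "rejected"
        leaked = read_tokenizer_asset(artifact, cases["symlink"], safe_mode=False).decode()
        return results, leaked


if __name__ == "__main__":
    res, leak = demo()
    for label, outcome in res.items():
        print(f"{label:10s} safe_mode=True  -> {outcome!r}")
    print(f"symlink    safe_mode=False -> {leak!r}")
```

The symlink case is the one worth remembering when auditing a loader: a naive check on the literal string (no `..`, not absolute) passes it, because the escape is in the file system, not in the path text. Checking the resolved real path against the resolved root closes all three routes at once.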
You are affected if you are using a version that falls within the vulnerable range.
keras-hub is vulnerable to Improper Input Validation in versions 0.9.0 - 0.25.1.
Upgrade keras-hub to a patched version, i.e. a release later than 0.25.1.