Description

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory. This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.

INFO

Published Date :

2026-04-06T17:43:21.922Z

Last Modified :

2026-04-07T14:36:34.218Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35167 vulnerability.

Vendors Products
Kedro-org
  • Kedro
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35167.

URL Resource
https://github.com/kedro-org/kedro/pull/5442 cve-icon cve-icon
https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact