{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35167", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-01T17:26:21.133Z", "datePublished": "2026-04-06T17:43:21.922Z", "dateUpdated": "2026-04-07T14:36:34.218Z"}, "containers": {"cna": {"title": "Kedro has a path traversal in versioned dataset loading via unsanitized version string", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw"}, {"name": "https://github.com/kedro-org/kedro/pull/5442", "tags": ["x_refsource_MISC"], "url": "https://github.com/kedro-org/kedro/pull/5442"}], "affected": [{"vendor": "kedro-org", "product": "kedro", "versions": [{"version": "< 1.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:43:21.922Z"}, "descriptions": [{"lang": "en", "value": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0."}], "source": {"advisory": "GHSA-6326-w46w-ppjw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:36:23.631547Z", "id": "CVE-2026-35167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:36:34.218Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T14:36:23.631547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:36:30.403Z"}}], "cna": {"title": "Kedro has a path traversal in versioned dataset loading via unsanitized version string", "source": {"advisory": "GHSA-6326-w46w-ppjw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kedro-org", "product": "kedro", "versions": [{"status": "affected", "version": "< 1.3.0"}]}], "references": [{"url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw", "name": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kedro-org/kedro/pull/5442", "name": "https://github.com/kedro-org/kedro/pull/5442", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:43:21.922Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35167", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:36:34.218Z", "dateReserved": "2026-04-01T17:26:21.133Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T17:43:21.922Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:kedro:*:*:*:*:*:python:*:*", "matchCriteriaId": "24F97BC8-D0B5-4D19-A22A-81F2A4FDED0E", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0."}], "id": "CVE-2026-35167", "lastModified": "2026-04-14T15:26:03.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-06T18:16:43.217", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/kedro-org/kedro/pull/5442"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "kedro", "source": "cna", "vendor": "kedro-org"}, "product": "kedro", "vendor": "kedro-org"}], "analysis": {"en": {"generated_at": "2026-04-14T16:43:15.054032+00:00", "value": {"mitigation_remediation": ["Upgrade Kedro to version 1.3.0 or later.", "If an upgrade is not yet possible, enforce validation of the version string to reject traversal patterns such as '../' or absolute paths before it is passed to _get_versioned_path.", "Review configuration and CLI usage to ensure that version information is sourced only from trusted inputs.", "Monitor for unexpected file accesses or data integrity issues following a rollback."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized File Access"}, "threat_synthesis": {"affected_systems": "Products affected are Kedro released by kedro-org. Versions earlier than 1.3.0 are vulnerable. The issue can be triggered in any context that calls the catalog.load method with a version argument, the DataCatalog.from_config constructor when load_versions is used, or the command\u2011line interface via the --load-versions option. Users of Kedro 1.2.x, 1.2.y, or any earlier 1.x release should verify whether their deployment has exposed a version string that could be manipulated.", "description_and_impact": "Kedro allows an attacker to influence the version string supplied to dataset loading methods. The _get_versioned_path function builds the file path by inserting this string directly, without sanitization, so traversal sequences such as '../' are preserved. This permits enumeration and reading of files that lie outside the designated versioned dataset directory. An attacker who can control the version parameter can therefore read arbitrary files, inject malicious data into the data pipeline (data poisoning), or access data belonging to other tenants when multiple users share a Kedro deployment. The weakness maps to CWE\u201122, File System Traversal.", "risk_and_exploitability": "The CVSS score of 7.1 indicates high potential for impact, but the EPSS score is below 1%, suggesting few publicly available exploits. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires an attacker to supply or influence a version string in a call to catalog.load or its equivalents. In shared or multi\u2011tenant environments, this gives the attacker access to data that should be isolated, which could lead to confidentiality breaches or data corruption. Regular patching and input validation are therefore recommended."}}}}, "created": "2026-04-06T21:47:03.310682+00:00", "updated": "2026-04-14T16:44:47.999173+00:00", "vendors": ["kedro-org", "kedro-org$PRODUCT$kedro"]}