Description
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.
This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.
Published: 2026-04-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File Access
Action: Immediate Patch
AI Analysis

Impact

Kedro accepts the version string supplied to its dataset loading methods without checking it, so an attacker who can influence that string controls part of a filesystem path. The _get_versioned_path function builds the file path by inserting this string directly, without sanitization, so traversal sequences such as '../' are preserved. This permits enumeration and reading of files that lie outside the designated versioned dataset directory. An attacker who can control the version parameter can therefore read arbitrary files, inject malicious data into the data pipeline (data poisoning), or access data belonging to other tenants when multiple users share a Kedro deployment. The weakness maps to CWE-22, File System Traversal.

Affected Systems

The affected product is Kedro, released by kedro-org. Versions earlier than 1.3.0 are vulnerable. The issue can be triggered in any context that calls the catalog.load method with a version argument, the DataCatalog.from_config constructor when load_versions is used, or the command-line interface via the --load-versions option. Users of Kedro 1.2.x or any earlier 1.x release should verify whether their deployment exposes a version string that could be manipulated.

Risk and Exploitability

The CVSS score of 7.1 indicates high potential for impact, but the EPSS score is below 1%, suggesting a low estimated probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires an attacker to supply or influence a version string in a call to catalog.load or its equivalents. In shared or multi-tenant environments, this gives the attacker access to data that should be isolated, which could lead to confidentiality breaches or data corruption. Regular patching and input validation are therefore recommended.

Generated by OpenCVE AI on April 14, 2026 at 16:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kedro to version 1.3.0 or later.
  • If an upgrade is not yet possible, enforce validation of the version string to reject traversal patterns such as '../' or absolute paths before it is passed to _get_versioned_path.
  • Review configuration and CLI usage to ensure that version information is sourced only from trusted inputs.
  • Monitor for unexpected file accesses or data integrity issues following a rollback.
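As an added illustration (not Kedro's code), a minimal stand-in for the pattern the advisory describes beside a hardened counterpart: the unsafe builder shows how a version string becomes a path component as-is, and the safe one applies the allow-list and containment check recommended above. The on-disk layout <base_dir>/<filename>/<version>/<filename>, the function names and the allow-list regex are assumptions made for this example.

```python
import os
import re
from pathlib import Path

# Constructed example, not Kedro's own implementation. The assumed layout
# <base_dir>/<filename>/<version>/<filename> is only a model of a versioned
# dataset directory; treat it as an assumption.

def versioned_path_unsafe(base_dir: str, filename: str, version: str) -> str:
    """Pre-fix behaviour: the version string is used as a path component as-is."""
    return os.path.normpath(os.path.join(base_dir, filename, version, filename))

# Hypothetical allow-list for version strings: must start with a letter or digit
# and may then contain only letters, digits, '.', '_' and '-'. This admits
# timestamp-style versions such as 2026-04-06T12.00.00.000Z while rejecting
# '.', '..', path separators ('/' and '\\') and absolute paths.
_VERSION_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

def is_valid_version(version: str) -> bool:
    return bool(_VERSION_RE.fullmatch(version))

def versioned_path_safe(base_dir: str, filename: str, version: str) -> str:
    """Hardened form: validate the version, then confirm the resolved path stays put."""
    if not is_valid_version(version):
        raise ValueError(f"rejected version string: {version!r}")
    base = Path(base_dir).resolve()
    candidate = (base / filename / version / filename).resolve()
    # Defence in depth: even a version that passes the allow-list must not
    # resolve outside the dataset's base directory.
    if base not in candidate.parents:
        raise ValueError(f"path {candidate} escapes {base}")
    return str(candidate)

def escapes_base(base_dir: str, filename: str, version: str) -> bool:
    """True when the unsafe builder would yield a path outside base_dir."""
    base = os.path.normpath(base_dir)
    path = versioned_path_unsafe(base_dir, filename, version)
    return os.path.commonpath([base, path]) != base

if __name__ == "__main__":
    # Constructed inputs: a normal timestamp version and a traversal attempt.
    for v in ("2026-04-06T12.00.00.000Z", "../../../secrets"):
        print(v, "->", versioned_path_unsafe("/data/01_raw", "cars.csv", v),
              "escapes" if escapes_base("/data/01_raw", "cars.csv", v) else "contained",
              "valid" if is_valid_version(v) else "rejected")
```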

Advisories

Source: GitHub GHSA
ID: GHSA-6326-w46w-ppjw
Title: Kedro: Path Traversal in versioned dataset loading via unsanitized version string
History

Tue, 14 Apr 2026 15:30:00 +0000

Type                Values Removed   Values Added
First Time appeared                  Linuxfoundation; Linuxfoundation kedro
CPEs                                 cpe:2.3:a:linuxfoundation:kedro:*:*:*:*:*:python:*:*
Vendors & Products                   Linuxfoundation; Linuxfoundation kedro

Tue, 07 Apr 2026 15:15:00 +0000

Type                Values Removed   Values Added
Metrics                              ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type                Values Removed   Values Added
First Time appeared                  Kedro-org; Kedro-org kedro
Vendors & Products                   Kedro-org; Kedro-org kedro

Mon, 06 Apr 2026 18:00:00 +0000

Type                Values Removed   Values Added
Description                          (identical to the Description section at the top of this page)
Title                                Kedro has a path traversal in versioned dataset loading via unsanitized version string
Weaknesses                           CWE-22
References
Metrics                              cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:36:34.218Z

Reserved: 2026-04-01T17:26:21.133Z

Link: CVE-2026-35167

Vulnrichment

Updated: 2026-04-07T14:36:30.403Z

NVD

Status: Analyzed

Published: 2026-04-06T18:16:43.217

Modified: 2026-04-14T15:26:03.083

Link: CVE-2026-35167

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:44:47Z