CVE-2026-35167
Status: Received - Intake
Path Traversal in Kedro Versions Allows Unauthorized File Access

Publication date: 2026-04-06

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory. This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-04-06
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: linuxfoundation
Product: kedro
Version range: up to 1.3.0 (excluding)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Executive Summary

CVE-2026-35167 is a path traversal vulnerability in the Kedro Python package versions prior to 1.3.0. The issue occurs in the _get_versioned_path() method, which constructs filesystem paths by directly using user-supplied version strings without sanitizing them. Because these version strings are used as parts of the file path, malicious inputs containing traversal sequences like ../ can escape the intended versioned dataset directory.

This vulnerability can be exploited through multiple entry points such as catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI command kedro run --load-versions=dataset:../../../secrets. An attacker who can control the version string can cause Kedro to load files from arbitrary locations outside the designated directory.

Impact Analysis

An attacker exploiting this vulnerability can force Kedro to load files from outside the intended version directory, which can lead to unauthorized file reads, data poisoning, or cross-tenant data access in shared or multi-tenant environments.

This means sensitive files could be exposed, data integrity could be compromised, and data from other tenants or users could be accessed improperly.

Detection Guidance

This vulnerability can be detected by checking if Kedro versions prior to 1.3.0 are in use and if any version strings passed to dataset loading functions or CLI commands contain path traversal sequences such as '../'.

Specifically, you can look for usage of the following entry points with suspicious version strings:

  • catalog.load(..., version=...)
  • DataCatalog.from_config(..., load_versions=...)
  • CLI commands like kedro run --load-versions=dataset:../../../secrets

To detect exploitation attempts or presence of unsafe version strings, you can search your codebase or logs for version parameters containing '../' or absolute paths.

Example commands to detect such patterns might include:

  • grep -r "version=.*\.\./" /path/to/kedro/project
  • grep -r "--load-versions=.*\.\./" /path/to/kedro/project
  • Review logs for suspicious file access outside expected directories.

Mitigation Strategies

The primary immediate step to mitigate this vulnerability is to upgrade Kedro to version 1.3.0 or later, where the issue has been fixed.

If upgrading is not immediately possible, you should validate all version strings before passing them to DataCatalog or the CLI to ensure they do not contain path traversal sequences (such as '..'), path separators, or absolute paths.

This validation prevents malicious inputs from escaping the intended versioned dataset directory and loading unauthorized files.

Additionally, review and restrict who can influence version strings to reduce the risk of exploitation.
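The following is an added example, not Kedro's own code or the fix shipped in 1.3.0: an allow-list validator for version strings, applied both as a pre-check on a load_versions mapping (the interim mitigation above) and as a scanner over log or shell-history lines for the entry points listed under Detection Guidance. The sample lines and the timestamp-style version value are constructed for the example.

```python
import re

# Added example, not Kedro's own code: an allow-list check for version strings.
# Kedro's default versions are timestamps such as "2024-01-01T12.30.00.000Z"
# (sample value constructed here), which this pattern accepts.
_SAFE_VERSION = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def is_safe_version(version: str) -> bool:
    """True only if `version` is usable as a single path component."""
    # Any separator or parent-directory token means the string could leave
    # the versioned directory; the regex also rejects absolute paths and "..".
    if not version or "/" in version or "\\" in version or ".." in version:
        return False
    return _SAFE_VERSION.fullmatch(version) is not None


def validate_load_versions(load_versions: dict) -> dict:
    """Check a dataset -> version mapping before handing it to
    DataCatalog.from_config(load_versions=...); raise on the first bad entry."""
    for dataset, version in load_versions.items():
        if not is_safe_version(version):
            raise ValueError(f"unsafe version {version!r} for dataset {dataset!r}")
    return load_versions


# Detection side: pull version values out of shell-history or log lines.
_CLI_ARG = re.compile(r"--load-versions=([^\s'\"]+)")
_KW_ARG = re.compile(r"\bversion=\s*['\"]([^'\"]*)['\"]")


def find_suspicious_versions(lines):
    """Return (line_no, version) for every version value that fails validation."""
    hits = []
    for n, line in enumerate(lines, 1):
        # --load-versions takes dataset:version pairs; keep only the version part.
        values = [v.split(":", 1)[-1] for v in _CLI_ARG.findall(line)]
        values += _KW_ARG.findall(line)
        hits.extend((n, v) for v in values if not is_safe_version(v))
    return hits


# Constructed sample lines: two benign, two carrying the traversal from the advisory.
SAMPLE_LINES = [
    "kedro run --load-versions=cars:2024-01-01T12.30.00.000Z",
    "kedro run --load-versions=cars:../../../secrets",
    "catalog.load('cars', version='2024-01-01T12.30.00.000Z')",
    "catalog.load('cars', version='../../../secrets')",
]

if __name__ == "__main__":
    for line_no, value in find_suspicious_versions(SAMPLE_LINES):
        print(f"line {line_no}: unsafe version {value!r}")
```

The allow-list is deliberately stricter than a blocklist of `../`: it also rejects backslashes, absolute paths and any `..` token, so a value is accepted only when it can resolve to exactly one child of the versioned directory.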

Compliance Impact

The vulnerability allows an attacker to use path traversal sequences in version strings to access files outside the intended dataset directory. This can lead to unauthorized file reads, data poisoning, or cross-tenant data access in shared environments.

Such unauthorized access to sensitive or personal data could result in violations of data protection regulations and standards like GDPR or HIPAA, which require strict controls on data confidentiality and access.

Therefore, if exploited, this vulnerability could compromise compliance by exposing protected data to unauthorized parties.
