HIGH | CVE-2026-3840 | CNA: @huntr_ai

CVE-2026-3840: Path Traversal in kedro-org/kedro

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers.
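As an added illustration (this is not Kedro's code and is not part of the advisory), the snippet below models the unchecked interpolation the description refers to beside a hardened variant that allow-lists the version string and checks path containment; the timestamp format, the function names and the modelled `--load-versions` parsing are assumptions made for the example.

```python
import re
from pathlib import Path, PurePosixPath

# Assumption: Kedro versions are timestamps like 2024-01-02T03.04.05.006Z;
# this allow-list is the example's own, not Kedro's validation.
VERSION_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}\.[0-9]{2}\.[0-9]{2}\.[0-9]{3}Z")


def unsafe_versioned_path(filepath: str, version: str) -> PurePosixPath:
    # Models the flaw: the version is joined into the path unchecked,
    # so a version containing '..' walks out of the dataset directory.
    base = PurePosixPath(filepath)
    return base / version / base.name


def path_escapes(filepath: str, candidate: PurePosixPath) -> bool:
    # Detection check: does the normalised candidate leave the dataset dir?
    base = Path(filepath).resolve()
    resolved = Path(candidate).resolve()
    return base != resolved and base not in resolved.parents


def safe_versioned_path(filepath: str, version: str) -> Path:
    # Hardened variant: allow-list the version string, then confirm by a
    # containment check that the final path stays under the dataset dir.
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"rejected version string: {version!r}")
    base = Path(filepath).resolve()
    candidate = (base / version / base.name).resolve()
    if base not in candidate.parents:
        raise ValueError(f"version path escapes {base}")
    return candidate


def split_load_versions(arg: str) -> dict:
    # Models CLI parsing of "name:version,name:version" (assumed format),
    # rejecting any entry whose version is not a well-formed timestamp.
    versions = {}
    for item in arg.split(","):
        name, sep, version = item.strip().partition(":")
        if not sep or not name or not VERSION_RE.fullmatch(version):
            raise ValueError(f"malformed load-version entry: {item!r}")
        versions[name] = version
    return versions
```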

Metrics

  • CVSS v3.0: 7.1
  • Severity: HIGH
  • Fixed in: no fix version published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A path traversal vulnerability in Kedro version 1.2.0 allows a local attacker with low-privilege access to escape the intended versioned dataset directory by supplying a crafted version string. The flaw exists in the `_get_versioned_path()` method in `kedro/io/core.py`, which interpolates user-supplied version strings into filesystem paths without sanitization; it is also reachable via the `--load-versions` CLI parameter. Successful exploitation gives the attacker read and write access to files outside the intended directory, enabling unauthorized data access, data poisoning, and cross-tenant data leakage. No fix version has been published; HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is released.

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-3840 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images that bundle Kedro. Any image found to carry an affected version of kedro-org/kedro is flagged automatically.

Triage: Available

Triage is available using the CVSS v3.0 score of 7.1 (HIGH), with per-environment compliance policy weighting applied to prioritize findings against each customer's own risk thresholds. Routed findings land in the correct team inbox based on each organization's configured ownership rules, so the right engineers see the alert without manual filtering.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a remediated release appears. In the interim, customers with compensating-control policies can apply network isolation or restrict CLI access to the affected parameter through HarborGuard's policy enforcement hooks.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no over-the-network access to the service is required.

  • Authentication: Required

    Any low-privilege local account is sufficient; no elevated or administrative credentials are needed.

  • Victim interaction: Not required

    No action from another user or victim is required; the attacker can trigger the vulnerability independently.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and requires no race conditions, specific memory layout, or other environmental prerequisites.

Blast Radius

  • Reads arbitrary files on the local filesystem outside the intended versioned dataset directory, including configuration files, credentials, and other projects' data.
  • Writes or overwrites files outside the intended directory, poisoning datasets consumed by downstream pipeline runs or other tenants sharing the same filesystem.
  • In multi-tenant or orchestrated environments, enables cross-project or cross-tenant data access by traversing shared storage paths.
  • Downstream pipeline stages that consume the tampered data inherit the corrupted state, potentially propagating incorrect results through automated workflows.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been published for CVE-2026-3840, the platform re-evaluates the advisory on every ingest cycle and will surface a patched-image rebuild automatically once kedro-org/kedro ships a remediated release. For customers who opt into auto-remediation, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention at that point. In the meantime, HarborGuard supports several compensating controls: network-policy isolation can restrict which processes and users can invoke Kedro CLI commands; filesystem-level access controls or read-only volume mounts can limit the scope of any traversal; and feature-flag or entrypoint gating can disable the `--load-versions` parameter in automated pipelines until a patch is available. Customers with compliance policies that require acknowledgment of unpatched HIGH-severity findings will see this CVE surfaced in their policy dashboard for manual review and sign-off.

Affected packages

  • kedro-org / kedro-org/kedro, versions ≤ latest

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N