Back to Blog

CVE-2026-1462: Vulnerability Analysis

Analysis of CVE-2026-1462 vulnerability with CVSS score 8.8.

CVE Analysis

5 min read

ZeroPath Security Research
ZeroPath Security Research

2026-04-13

CVE-2026-1462: Vulnerability Analysis
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

CVE-2026-1462: Vulnerability Analysis

Executive Summary

Unable to generate a complete analysis due to an error.

Technical Specifications

  • CVE ID: CVE-2026-1462
  • Vendors: Unknown
  • Date Reported: 2026-04-13T15:17:18.967
  • CVSS Score: 8.8
  • Description: A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of .keras models, even when safe_mode=True. This bypasses the security guarantees of safe_mode and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the from_config() method.
  • CWE IDs: CWE-502

References

Follow ZeroPath
ZeroPath on XZeroPath on LinkedIn

Related Articles

Brief Summary: Mesa 3D Graphics Library CVE-2026-40393, Out of Bounds Write via WebGPU Shader Input
CVE Analysis

2026-04-12

5 min read

Brief Summary: Mesa 3D Graphics Library CVE-2026-40393, Out of Bounds Write via WebGPU Shader Input

A short review of CVE-2026-40393, a high severity out of bounds memory access in Mesa's WebGPU component caused by untrusted shader input controlling alloca size. Affected versions and mitigation guidance are covered.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

wpForo Forum CVE-2026-5809: Brief Summary of Arbitrary File Deletion via Poisoned Postmeta
CVE Analysis

2026-04-11

6 min read

wpForo Forum CVE-2026-5809: Brief Summary of Arbitrary File Deletion via Poisoned Postmeta

A brief summary of CVE-2026-5809, a high severity arbitrary file deletion vulnerability in the wpForo Forum plugin for WordPress that allows subscriber level users to delete critical server files through a two step postmeta poisoning attack.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Brief Summary: CVE-2026-34621 Prototype Pollution in Adobe Acrobat Reader Leading to Arbitrary Code Execution
CVE Analysis

2026-04-10

7 min read

Brief Summary: CVE-2026-34621 Prototype Pollution in Adobe Acrobat Reader Leading to Arbitrary Code Execution

A brief summary of CVE-2026-34621, a critical prototype pollution vulnerability in Adobe Acrobat Reader (CVSS 9.6) that enables arbitrary code execution when a user opens a crafted file. We cover the technical root cause, affected versions, threat intelligence context, and recommended mitigations.

ZeroPath CVE Analysis

ZeroPath CVE Analysis

Detect & fix
what others miss

Book a Demo
Security magnifying glass visualization