
CVE-2026-35171: Kedro <=1.2.0 RCE Vulnerability

Platform: python

Component: kedro

Fixed in: 1.3.0

CVE-2026-35171 is a critical Remote Code Execution (RCE) vulnerability in Kedro caused by the unsafe use of `logging.config.dictConfig()` with user-controlled input. An attacker can exploit this to execute arbitrary system commands during application startup. This affects Kedro versions 1.2.0 and earlier. The vulnerability is fixed in version 1.3.0 by introducing input validation.
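As an added defensive example (not Kedro's code and not the validation shipped in 1.3.0), the following audits a logging configuration before it reaches `logging.config.dictConfig()`. It flags the documented constructs that make `dictConfig()` import or call objects named by the config: the `()` factory key, `class` entries, and `ext://` references. The allowlists, function names and sample configs are assumptions constructed for illustration.

```python
import logging.config

# Assumed allowlists for this example; adjust to the handlers you actually use.
ALLOWED_CLASSES = {
    "logging.StreamHandler",
    "logging.FileHandler",
    "logging.handlers.RotatingFileHandler",
    "logging.Formatter",
}
ALLOWED_EXT = {"ext://sys.stdout", "ext://sys.stderr"}

def audit_logging_config(node, path="$"):
    """Return (path, reason) findings for entries that make dictConfig()
    import or call an object named by the config itself."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "()":
                findings.append((here, "custom factory key"))
            elif key == "class" and not (isinstance(value, str) and value in ALLOWED_CLASSES):
                findings.append((here, "class not on allowlist"))
            findings.extend(audit_logging_config(value, here))
    elif isinstance(node, (list, tuple)):
        for i, item in enumerate(node):
            findings.extend(audit_logging_config(item, f"{path}[{i}]"))
    elif isinstance(node, str) and node.startswith("ext://") and node not in ALLOWED_EXT:
        findings.append((path, "ext:// reference not on allowlist"))
    return findings

def safe_dict_config(config):
    """Apply the config only if the audit is clean."""
    findings = audit_logging_config(config)
    if findings:
        raise ValueError(f"rejected logging config: {findings}")
    logging.config.dictConfig(config)

# Constructed sample inputs; the example_pkg names are hypothetical.
TRUSTED = {
    "version": 1,
    "handlers": {"console": {"class": "logging.StreamHandler", "stream": "ext://sys.stdout"}},
    "root": {"level": "INFO", "handlers": ["console"]},
}
UNTRUSTED = {
    "version": 1,
    "handlers": {"h": {"()": "example_pkg.make_handler", "level": "INFO"}},
    "formatters": {"f": {"class": "example_pkg.Fmt"}},
}
```

Run the audit on any logging configuration that originates outside the code base (environment, uploaded project files, shared config repositories) and treat a non-empty result as a reason to reject it.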

How to fix

No official patch available. Check for workarounds or monitor for updates.

Frequently Asked Questions

What is CVE-2026-35171?

CVE-2026-35171 is a critical Remote Code Execution (RCE) vulnerability in Kedro that allows attackers to execute arbitrary system commands.

Am I affected by CVE-2026-35171?

You are affected if you are using Kedro version 1.2.0 or earlier.

How do I fix CVE-2026-35171?

Upgrade to Kedro version 1.3.0 or later. This version introduces validation to prevent the vulnerability.
