Every CVE whose affected-product data names Linuxfoundation Kedro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-35171 — CVSS 9.8 (critical): Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the…
CVE-2026-35167 — CVSS 7.1 (high): Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs…
CVE-2026-3840 — CVSS 7.1 (high): A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The…