CVE-2026-35492 Overview
CVE-2026-35492 is a path traversal vulnerability affecting Kedro-Datasets, a Kedro plugin providing data connectors for various storage backends. Prior to version 9.3.0, the PartitionedDataset component was vulnerable to path traversal attacks because partition IDs were concatenated directly with the dataset base path without proper validation. A partition ID containing .. components, whether supplied by an attacker or arriving as malicious input, could cause files to be written outside the configured dataset directory, potentially overwriting arbitrary files on the filesystem.
Critical Impact
Attackers can exploit this path traversal vulnerability to write files outside the intended dataset directory, potentially overwriting critical system or application files across local filesystem, S3, GCS, and other storage backends.
Affected Products
- Kedro-Datasets versions prior to 9.3.0
- All storage backends including local filesystem, S3, and GCS
- Any application using PartitionedDataset component
Discovery Timeline
- 2026-04-07 - CVE-2026-35492 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-35492
Vulnerability Analysis
This path traversal vulnerability (CWE-22) exists in the PartitionedDataset component of Kedro-Datasets. The flaw stems from insufficient input validation when handling partition IDs. When a user or automated process supplies a partition ID, the system directly concatenates this value with the configured base path without sanitizing or validating the input for directory traversal sequences.
The vulnerability allows an attacker with the ability to influence partition IDs to escape the intended dataset directory and write files to arbitrary locations on the filesystem. This affects the integrity of the system, as malicious actors could overwrite configuration files, inject code into application directories, or corrupt critical data.
The attack requires network access and low privileges to execute, making it accessible to authenticated users who can supply partition IDs to the system. While confidentiality is not directly impacted, the integrity implications are significant due to the ability to modify files outside the designated storage area.
Root Cause
The root cause of this vulnerability is the lack of input validation on partition IDs before path concatenation. The PartitionedDataset implementation directly joins the base path with user-supplied partition identifiers without checking for path traversal sequences such as .. or absolute path indicators. This violates the principle of proper input sanitization and allows directory escape attacks.
Attack Vector
The attack can be executed over the network by any authenticated user who can supply partition IDs to the PartitionedDataset component. The attacker crafts a malicious partition ID containing path traversal sequences (e.g., ../../etc/) that, when concatenated with the base path, resolves to a location outside the intended dataset directory.
The vulnerability mechanism involves the following process: when data is written to a partition, the partition ID is appended to the configured base path. By injecting .. sequences into the partition ID, an attacker can navigate up the directory tree and then into arbitrary directories, effectively writing files anywhere the application has write permissions. This applies to all supported storage backends including local filesystems and cloud storage services like Amazon S3 and Google Cloud Storage.
For detailed technical information, see the GitHub Security Advisory and the related GitHub Issue Discussion.
Detection Methods for CVE-2026-35492
Indicators of Compromise
- File system access logs showing writes to unexpected directories outside configured dataset paths
- Partition IDs in application logs containing .. or other path traversal sequences
- Unexpected file modifications in system or application directories
- Audit trails showing data operations with anomalous path patterns
Detection Strategies
- Monitor application logs for partition IDs containing suspicious path components such as .., ./, or absolute paths
- Implement file integrity monitoring on critical directories to detect unauthorized file writes
- Review data pipeline configurations to identify use of PartitionedDataset with external or untrusted partition ID sources
- Deploy runtime application security monitoring to detect path traversal attempts
Monitoring Recommendations
- Enable verbose logging for Kedro pipeline operations to capture partition ID values
- Configure cloud storage access logging (S3 CloudTrail, GCS audit logs) to track object writes
- Set up alerts for file operations outside expected dataset directories
- Implement centralized log collection for correlation of suspicious partition access patterns
How to Mitigate CVE-2026-35492
Immediate Actions Required
- Upgrade Kedro-Datasets to version 9.3.0 or later immediately
- Audit existing data pipelines to identify all uses of PartitionedDataset
- Review historical partition IDs for evidence of exploitation attempts
- Restrict write permissions for the application to minimize potential impact
Patch Information
The vulnerability has been fixed in Kedro-Datasets version 9.3.0. The fix implements proper validation of partition IDs before path concatenation, rejecting any input containing path traversal sequences. Users should upgrade to this version or later to remediate the vulnerability.
For patch details, see the GitHub Pull Request that addresses this issue.
Workarounds
- Implement input validation at the application layer to sanitize partition IDs before passing to PartitionedDataset
- Use allowlists to restrict partition ID formats to known safe patterns (alphanumeric characters only)
- Deploy network segmentation to limit access to systems running vulnerable Kedro-Datasets versions
- Monitor and alert on any partition operations until upgrade is complete
# Upgrade kedro-datasets to the patched version (quote the specifier so the
# shell does not treat ">=" as an output redirection)
pip install --upgrade "kedro-datasets>=9.3.0"
# Verify installed version
pip show kedro-datasets | grep Version
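The allowlist validation described under Workarounds and the rejection of traversal sequences described under Patch Information, together with the log check from Detection Strategies, as an added example that is not Kedro-Datasets code. The function names, the partition_id= log field and the sample log lines are constructed for this illustration; the containment check handles both local base paths and s3:// or gcs://-style prefixes.

```python
import posixpath
import re

# Allowlist: "/"-separated segments of [A-Za-z0-9_.-] that start with an
# alphanumeric or underscore, so "..", ".", empty segments and a leading "/" fail.
_SEGMENT = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")

def is_safe_partition_id(partition_id: str) -> bool:
    """Workaround-style allowlist check, applied before any path join."""
    if not partition_id or "://" in partition_id or "\x00" in partition_id:
        return False
    return all(_SEGMENT.match(seg) for seg in partition_id.split("/"))

def unsafe_partition_path(base: str, partition_id: str) -> str:
    """The flawed pattern the advisory describes: concatenate without checks."""
    return base.rstrip("/") + "/" + partition_id

def safe_partition_path(base: str, partition_id: str) -> str:
    """Validate the ID, join, then confirm the normalised result stays under base."""
    if not is_safe_partition_id(partition_id):
        raise ValueError(f"rejected partition id: {partition_id!r}")
    protocol, sep, root = base.partition("://")  # keep s3:// or gcs:// prefixes intact
    if not sep:
        protocol, root = "", base
    norm_root = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(norm_root, partition_id))
    if posixpath.commonpath([norm_root, joined]) != norm_root:
        raise ValueError(f"partition id escapes base path: {partition_id!r}")
    return f"{protocol}://{joined}" if sep else joined

# Detection: flag partition IDs in application log lines that the allowlist rejects.
# The "partition_id=<value>" field is a constructed log format, not Kedro's own.
_LOG_RE = re.compile(r"partition_id=(\S+)")

def find_suspicious_partitions(log_lines):
    """Return (line_number, partition_id) for each logged ID that fails validation."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = _LOG_RE.search(line)
        if match and not is_safe_partition_id(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    "INFO saving partition_id=2024-01/part-000.csv dataset=output",
    "INFO saving partition_id=../../config/settings.yml dataset=output",
    "INFO saving partition_id=/var/app/settings.yml dataset=output",
    "INFO loading dataset=output",
]
```

Running find_suspicious_partitions over SAMPLE_LOG flags lines 2 and 3; the same validator can gate partition IDs at the application layer until the upgrade to 9.3.0 is complete.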
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.