
RWKV7 Security Research PoC

⚠️ This is a proof-of-concept for responsible security disclosure. Do not run untrusted models.

This repository contains a minimal .keras artifact used to demonstrate a deserialization vulnerability in keras-hub RWKVTokenizer (keras-hub==0.26.0).

What this demonstrates

Loading the model with keras.models.load_model() triggers code execution via eval() while parsing tokenizer vocabulary lines.

For safety, the payload is intentionally harmless and only runs:

touch /tmp/pwned

Reproduction

import keras

# safe_mode=True does NOT prevent this issue
obj = keras.models.load_model("poc_for_upload.keras", safe_mode=True)

After loading, /tmp/pwned will exist on the local machine.
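The load-time hazard described above is that vocabulary lines are passed to eval(). A practitioner who has to triage untrusted .keras files will want a way to look inside the archive before anything deserializes it. The following is an added example, not code from this repository or from keras-hub: it opens a .keras archive as a plain zip, flags a config that would instantiate an RWKVTokenizer, and re-parses every asset line with ast.literal_eval, which accepts string/bytes literals and rejects calls, names and attribute access. It assumes the Keras 3 archive layout (config.json plus assets/ entries at the zip root) and the RWKV-style vocab line format "<id> <python literal> <byte length>"; both are assumptions, and the sample archive it builds is constructed inline.

```python
import ast
import json
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, Iterator, List, Tuple

# ASSUMPTION: RWKV-style vocab lines look like "<id> <python literal> <byte length>".
# The vulnerable pattern is eval() on the middle field; ast.literal_eval only
# accepts literal syntax and raises ValueError/SyntaxError on anything else.


def parse_vocab_line_safe(line: str) -> Tuple[int, bytes, int]:
    """Parse one vocab line without eval(); raises on non-literal tokens."""
    line = line.rstrip("\n")
    first = line.index(" ")            # ValueError if the line is malformed
    last = line.rindex(" ")
    idx = int(line[:first])
    length = int(line[last + 1:])
    token = ast.literal_eval(line[first + 1:last])  # rejects foo(), names, attributes
    if isinstance(token, str):
        token = token.encode("utf-8")
    if not isinstance(token, bytes):
        raise ValueError("token literal is not str or bytes")
    return idx, token, length


def is_literal_vocab_line(line: str) -> bool:
    """True when the line parses as a plain literal, False when it would need eval()."""
    try:
        parse_vocab_line_safe(line)
        return True
    except (ValueError, SyntaxError):
        return False


def _class_names(node) -> Iterator[str]:
    """Walk a Keras config tree and yield every class_name it would instantiate."""
    if isinstance(node, dict):
        if "class_name" in node:
            yield str(node["class_name"])
        for value in node.values():
            yield from _class_names(value)
    elif isinstance(node, list):
        for value in node:
            yield from _class_names(value)


def scan_keras_archive(path) -> List[Dict]:
    """Inspect a .keras zip without deserializing it; return a list of findings."""
    findings: List[Dict] = []
    with zipfile.ZipFile(path) as zf:
        names = zf.namelist()
        if "config.json" in names:
            config = json.loads(zf.read("config.json"))
            for cls in _class_names(config):
                if "RWKVTokenizer" in cls:
                    findings.append({"member": "config.json", "line": 0,
                                     "reason": f"load_model would instantiate {cls} "
                                               "and parse its vocabulary asset"})
        # ASSUMPTION: layer assets (tokenizer vocab files) live under assets/ in the zip.
        for name in names:
            if not name.startswith("assets/") or name.endswith("/"):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if line.strip() and not is_literal_vocab_line(line):
                    findings.append({"member": name, "line": lineno,
                                     "reason": "vocab entry is not a literal; "
                                               "eval()-based parsers would execute it"})
    return findings


def build_sample_archive(path) -> None:
    """Write a constructed .keras-like zip: two literal vocab lines and one non-literal."""
    config = {"class_name": "Functional", "config": {"layers": [
        {"class_name": "RWKVTokenizer", "module": "keras_hub", "config": {}}]}}
    vocab = "1 'a' 1\n2 b'\\x00' 1\n3 foo() 1\n"   # line 3 is the kind eval() would run
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("metadata.json", json.dumps({"keras_version": "3"}))
        zf.writestr("config.json", json.dumps(config))
        zf.writestr("assets/rwkv_tokenizer/vocabulary.txt", vocab)


def scan_sample() -> List[Dict]:
    """Build the constructed archive in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "sample.keras"
        build_sample_archive(archive)
        return scan_keras_archive(archive)


if __name__ == "__main__":
    for finding in scan_sample():
        print(f"{finding['member']}:{finding['line']}  {finding['reason']}")
```

Run the scanner on a file before calling load_model(); any finding means the archive should be quarantined rather than loaded. The same ast.literal_eval replacement is the fix a tokenizer parser should carry, since safe_mode only governs Keras's own Lambda-layer deserialization and does not reach a layer's asset parsing.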

Security note

This PoC is provided strictly for coordinated vulnerability disclosure and patch validation.
