Security Research — Keras TFSMLayer Scanner Bypass

This model is for authorized security research only.

This repository demonstrates a vulnerability in ProtectAI's modelscan scanner (v0.8.8) where TFSMLayer (TensorFlow SavedModel Layer) enables arbitrary code execution via malicious SavedModel payloads embedded in .keras files.

Vulnerability

modelscan does not inspect TFSMLayer configurations or the SavedModel artifacts they reference. A TFSMLayer pointing to a malicious SavedModel passes scanning with "No issues found" but executes arbitrary code on model load.
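A defender can close this gap with a pre-load check that looks for TFSMLayer entries before a model is ever deserialized. The following is an added example, not code from this repository or from modelscan: it assumes the Keras v3 layout in which a .keras file is a zip archive with `config.json` at its root, and the function names and the sample archive are constructed for illustration.

```python
import io
import json
import zipfile

def find_tfsm_layers(node, path="config"):
    """Recursively yield (json_path, layer_config) for every TFSMLayer entry."""
    if isinstance(node, dict):
        if node.get("class_name") == "TFSMLayer":
            yield path, node.get("config") or {}
        for key, value in node.items():
            yield from find_tfsm_layers(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_tfsm_layers(value, f"{path}[{i}]")

def audit_keras_archive(source):
    """Return (kind, detail) findings for a .keras file (path or file object)."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        names = zf.namelist()
        # A SavedModel graph is serialized as saved_model.pb; flag any embedded copy.
        for name in names:
            if name.rsplit("/", 1)[-1] == "saved_model.pb":
                findings.append(("embedded_savedmodel", name))
        if "config.json" in names:
            config = json.loads(zf.read("config.json"))
            # Walk the whole tree so nested models and wrapper layers are covered.
            for where, cfg in find_tfsm_layers(config):
                findings.append(("tfsm_layer", f"{where} -> {cfg.get('filepath')!r}"))
    return findings

def build_sample(layers, extra_files=()):
    """Constructed sample archive: config.json plus empty files, no real model."""
    config = {"class_name": "Sequential", "config": {"name": "m", "layers": layers}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
        for name in extra_files:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf

# Constructed layer entries (hypothetical values).
DENSE = {"class_name": "Dense", "config": {"units": 4}}
TFSM = {"class_name": "TFSMLayer",
        "config": {"filepath": "assets/sm", "call_endpoint": "serve"}}

if __name__ == "__main__":
    sample = build_sample([DENSE, TFSM], ["assets/sm/saved_model.pb"])
    for kind, detail in audit_keras_archive(sample):
        print(kind, detail)
```

A finding means the file needs review or rejection under local policy before loading; the check never imports Keras or TensorFlow, so it does not execute anything from the archive.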

Related: CVE-2026-1462

Affected

  • modelscan <= 0.8.8
  • .keras format with TFSMLayer

Disclosure

Responsible disclosure via Huntr MFV program.
