CVE-2026-0897
high
CVSS v3
—
CVSS v2
—
VIR risk
8.0
Description
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-0897
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bullseye | affected | |
References
- https://github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43
- https://nvd.nist.gov/vuln/detail/CVE-2026-0897
- https://github.com/keras-team/keras/pull/21880
- https://github.com/keras-team/keras/pull/22081
- https://github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6
- https://github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb
- https://github.com/keras-team/keras
- https://security-tracker.debian.org/tracker/CVE-2026-0897
- https://github.com/advisories/GHSA-mgx6-5cf9-rr43
Verify integrity in audit chain (admin only). AS-IS.