Google Keras 3.0.0-3.13.0: HDF5 Loader Resource Exhaustion DoS
CVE-2026-0897 Published on January 15, 2026

Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

NVD

Weakness Type

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Affected Versions

Google Keras:

Version 3.0.0, <= 3.13.0 is affected.

Exploit Probability

EPSS

0.03%

Percentile

8.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Google Keras 3.0.0-3.13.0: HDF5 Loader Resource Exhaustion DoSCVE-2026-0897 Published on January 15, 2026

Weakness Type

Allocation of Resources Without Limits or Throttling

Affected Versions

Exploit Probability

Google Keras 3.0.0-3.13.0: HDF5 Loader Resource Exhaustion DoS
CVE-2026-0897 Published on January 15, 2026