High severity | OSV Advisory | Published Jan 15, 2026 | Updated Jan 15, 2026
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
CVE-2026-0897
Description
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
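A defender-side pre-flight check for the pattern described above, added here as an example and not code from the Keras project: it opens the model.weights.h5 member of a .keras archive, reads only each dataset's HDF5 metadata (shape and dtype), and rejects the file if any dataset's declared size exceeds a budget, before any loader allocates memory for it. The 2 GiB budget and the function names are assumptions.

```python
"""Pre-flight size audit of the weights file inside a .keras archive."""
import io
import zipfile
from math import prod

# Assumed policy value: refuse any single dataset whose declared size exceeds this.
MAX_DATASET_BYTES = 2 * 1024**3  # 2 GiB


def declared_bytes(shape, itemsize):
    """Bytes the dataset would occupy once materialised: product of dims x element size."""
    return prod(int(d) for d in shape) * int(itemsize)


def within_budget(shape, itemsize, max_bytes=MAX_DATASET_BYTES):
    """True when a dataset with this declared shape can be loaded under the budget."""
    return declared_bytes(shape, itemsize) <= max_bytes


def audit_weights_h5(h5_bytes, max_bytes=MAX_DATASET_BYTES):
    """Walk every dataset in an HDF5 file (given as bytes) and list the offenders.

    Only metadata is read: h5py exposes .shape and .dtype without reading data,
    so a dataset that declares a huge shape is flagged before anything is allocated.
    Returns a list of (dataset_path, declared_bytes) pairs that exceed the budget.
    """
    import h5py  # imported lazily so the pure checks above run without h5py installed

    offenders = []
    with h5py.File(io.BytesIO(h5_bytes), "r") as f:
        def visit(name, obj):
            if isinstance(obj, h5py.Dataset):
                size = declared_bytes(obj.shape, obj.dtype.itemsize)
                if size > max_bytes:
                    offenders.append((name, size))
        f.visititems(visit)
    return offenders


def audit_keras_archive(path, max_bytes=MAX_DATASET_BYTES):
    """Inspect model.weights.h5 inside a .keras zip; empty result means it passed."""
    with zipfile.ZipFile(path) as zf:
        return audit_weights_h5(zf.read("model.weights.h5"), max_bytes)
```

Run `audit_keras_archive("untrusted.keras")` on a file from an untrusted source and refuse to call the model loader when the returned list is non-empty.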
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| keras | PyPI | >= 3.0.0, < 3.12.1 | 3.12.1 |
| keras | PyPI | >= 3.13.0, < 3.13.2 | 3.13.2 |
Affected products
- Range: v3.0.0, v3.0.1, v3.0.2, …
- OSV coordinates (6 versions, no CPE):
  - pkg:apk/chainguard/kubeflow-pipelines-visualization-server, range: < 2.15.0-r4
  - pkg:apk/chainguard/tensorflow-cpu-jupyter, range: < 2.20.0-r9
  - pkg:apk/chainguard/tensorflow-gpu-jupyter, range: < 2.20.0-r8
  - pkg:apk/wolfi/kubeflow-pipelines-visualization-server, range: < 2.15.0-r4
  - pkg:apk/wolfi/tensorflow-cpu-jupyter, range: < 2.20.0-r9
  - pkg:pypi/keras, range: >= 3.0.0, < 3.12.1
References
- github.com/advisories/GHSA-mgx6-5cf9-rr43 (ADVISORY, via GHSA)
- nvd.nist.gov/vuln/detail/CVE-2026-0897 (ADVISORY, via GHSA)
- github.com/keras-team/keras/commit/7360d4f0d764fbb1fa9c6408fe53da41974dd4f6 (WEB, via GHSA)
- github.com/keras-team/keras/commit/f704c887bf459b42769bfc8a9182f838009afddb (WEB, via GHSA)
- github.com/keras-team/keras/pull/21880 (WEB, via GHSA)
- github.com/keras-team/keras/pull/22081 (WEB, via GHSA)
- github.com/keras-team/keras/security/advisories/GHSA-mgx6-5cf9-rr43 (WEB, via GHSA)
- github.com/pypa/advisory-database/tree/main/vulns/keras/PYSEC-2026-73.yaml (WEB, via GHSA)