CVE-2026-0897 - Vulnerability Details - OpenCVE

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/keras-team/keras/pull/21880

History

Thu, 15 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
Title		Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
Weaknesses		CWE-770
References		https://github.com/keras-team/keras/pull/21880
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2026-01-15T14:09:53.603Z

Updated: 2026-01-15T14:09:53.603Z

Reserved: 2026-01-13T15:59:54.703Z

Link: CVE-2026-0897

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-15T14:16:26.890

Modified: 2026-01-15T14:16:26.890

Link: CVE-2026-0897

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0897", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2026-01-13T15:59:54.703Z", "datePublished": "2026-01-15T14:09:53.603Z", "dateUpdated": "2026-01-15T14:09:53.603Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Keras", "vendor": "Google", "versions": [{"lessThanOrEqual": "3.13.0", "status": "affected", "version": "3.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sarvesh Patil"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Allocation of Resources Without Limits or Throttling <span style=\"background-color: rgb(255, 255, 255);\">in </span>the HDF5 weight loading component<span style=\"background-color: rgb(255, 255, 255);\"> </span><span style=\"background-color: rgb(255, 255, 255);\">in </span>Google<span style=\"background-color: rgb(255, 255, 255);\"> </span>Keras<span style=\"background-color: rgb(255, 255, 255);\"> </span>3.0.0 through 3.13.0<span style=\"background-color: rgb(255, 255, 255);\"> </span><span style=\"background-color: rgb(255, 255, 255);\">on </span>all platforms<span style=\"background-color: rgb(255, 255, 255);\"> allows </span>a remote attacker<span style=\"background-color: rgb(255, 255, 255);\"> to </span>cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter<span style=\"background-color: rgb(255, 255, 255);\"> </span><span style=\"background-color: rgb(255, 255, 255);\">via </span>a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape<span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"}], "value": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component\u00a0in Google\u00a0Keras\u00a03.0.0 through 3.13.0\u00a0on all platforms\u00a0allows a remote attacker\u00a0to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter\u00a0via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape."}], "impacts": [{"capecId": "CAPEC-197", "descriptions": [{"lang": "en", "value": "CAPEC-197 Exponential Data Expansion"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2026-01-15T14:09:53.603Z"}, "references": [{"url": "https://github.com/keras-team/keras/pull/21880"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component\u00a0in Google\u00a0Keras\u00a03.0.0 through 3.13.0\u00a0on all platforms\u00a0allows a remote attacker\u00a0to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter\u00a0via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape."}], "id": "CVE-2026-0897", "lastModified": "2026-01-15T14:16:26.890", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2026-01-15T14:16:26.890", "references": [{"source": "cve-coordination@google.com", "url": "https://github.com/keras-team/keras/pull/21880"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}