CVE-2026-0897
15.01.2026, 14:16
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading componentin GoogleKeras3.0.0 through 3.13.0on all platformsallows a remote attackerto cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpretervia a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.Enginsight