VDB
CGA-9f7m-cgx3-xx9v
CGA-9f7m-cgx3-xx9v
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfi | tensorflow-cpu-jupyter | 0, 0, 0 |
| Chainguard | tensorflow-cpu-jupyter | 0, 0, 0 |
| Wolfi | kubeflow-pipelines-visualization-server | 0, 0, 0 |
| Chainguard | kubeflow-pipelines-visualization-server | 0, 0, 0 |
| Chainguard | tensorflow-gpu-jupyter | 0, 0, 0 |
Exploit Intelligence
- Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras (github-poc-repo)
- Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras (github-poc)
- CVE-2026-0897.json (github-poc)
- package.py (github-poc)
Timeline
- Jan 29, 2026 CVE Published
- Feb 5, 2026 CVE Updated