MSRC_CVE-2026-0897 — Vulnetix

MSRC_CVE-2026-0897 PUBLISHED CVSS 7.5 HIGH

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
	azl3 keras 3.3.3-5
	<azl3 keras 3.3.3-6
	azl3 keras 3.3.3
	Azure Linux 3.0

Exploit Intelligence

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras (github-poc-repo)
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras (github-poc)
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-0897.json (circl)
https://support.microsoft.com/lifecycle (circl)
https://www.first.org/cvss (circl)
https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade (circl)
CVE-2026-0897.json (github-poc)
package.py (github-poc)

Timeline

Jan 2, 2026 CVE Published
Feb 18, 2026 CVE Updated
Mar 31, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›