Intel

AIKIDO-2026-10136

keras is vulnerable to Uncontrolled Recursion

Uncontrolled RecursionCVE-2026-0897 Published Feb 9, 2026

67

Medium Risk

This Affects:

PYTHONkeras
3.0.0 - 3.12.0
Fixed in 3.12.1
3.13.0 - 3.13.1
Fixed in 3.13.2
Are you affected? Scan for Free

TL;DR

Affected versions of this package allow loading of malicious .keras files containing crafted HDF5 metadata with extreme or overflowing tensor shapes, leading to unbounded memory allocation and potential remote denial of service. An attacker could exploit this by supplying a shape bomb that triggers recursive path handling issues or forces NumPy to allocate multi-gigabyte tensors during model loading, exhausting memory or crashing the process before validation occurs.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

keras is vulnerable to Uncontrolled Recursion in versions 3.0.0 - 3.12.0 and 3.13.0 - 3.13.1.

How to fix this

Upgrade the keras library to the patch version.