CVE-2026-2492: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability al
highvulnerability
security
Summary
TensorFlow has a vulnerability where it loads plugins from an unsafe location, allowing attackers who already have low-level access to a system to gain higher privileges (privilege escalation, where an attacker gains elevated permissions to do things they normally couldn't). An attacker exploiting this flaw could run arbitrary code (any commands they choose) with the same permissions as the target user.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-2492
First tracked: February 20, 2026 at 07:07 PM
Classified by LLM (prompt v3) · confidence: 85%