AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-26076: Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 16, 2023CVE-2022-26076

Summary

CVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a software framework for machine learning tasks) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program looks for files in directories it shouldn't trust, potentially allowing attackers to substitute malicious files). An authenticated user (someone with login access) could exploit this through local access to gain higher system privileges.

Vulnerability Details

CVSS Score

6.7(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-427

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 85%