AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-26269: In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing

highvulnerability

security

Source: NVD/CVE DatabaseDecember 10, 2020CVE-2020-26269

Summary

TensorFlow's release candidate versions 2.4.0rc* contain a vulnerability in the code that matches filesystem paths to globbing patterns (a method of searching for files using wildcards), which can cause the program to read memory outside the bounds of an array holding directory information. The vulnerability stems from missing checks on assumptions made by the parallel implementation, but this issue only affects the development version and release candidates, not the final release.

Solution / Mitigation

This is patched in version 2.4.0. The implementation was completely rewritten to fully specify and validate the preconditions.

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-125 CWE-125

CAPEC (Attack Pattern)

CAPEC-540

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-26269

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 92%