216.73.217.86

CVE-2026-2492

· Published 21/02/2026 00:16 · Author: The MITRE Corporation

Labels: CVE-2026-2492 2026-02-20CVE-2026-2492CWE-427[email protected]

Essential information

Published
21/02/2026 00:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CWE-427
EPSS (First)
P14.5% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00237)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25480.

NVD status

NVD
View on NVD