Local Privilege Escalation Vulnerability in TensorFlow HDF5 Library by Google
CVE-2026-2492

7 HIGH

Key Information:

Vendor: Tensorflow
CVE Published: 20 February 2026

What is CVE-2026-2492?

This vulnerability in the TensorFlow HDF5 Library arises from its handling of plugins: the application loads them from an unsecured location. A local attacker with low privileges can exploit this flaw to escalate privileges and execute arbitrary code in the context of the target user. Exploitation requires that the attacker already be able to execute low-privileged code on the system, so organizations using TensorFlow should secure their environments against this kind of abuse.

Affected Version(s)

TensorFlow 2.17.0

CVSS V3.0

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
