Local Privilege Escalation Vulnerability in TensorFlow HDF5 Library by Google
CVE-2026-2492

7HIGH

Key Information:

Vendor: Tensorflow
Status: Tensorflow
Vendor: CVE Published:; 20 February 2026

What is CVE-2026-2492?

This vulnerability in the TensorFlow HDF5 Library arises from the handling of plugins, where the application loads them from an unsecured location. Local attackers with low privileges can exploit this flaw to escalate their privileges, allowing them to execute arbitrary code in the context of the target user. To exploit this vulnerability, an attacker must already have the ability to execute low-privileged code, making it crucial for organizations utilizing TensorFlow to secure their environments against potential abuse.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TensorFlow 2.17.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-116/

x_research-advisory

https://github.com/tensorflow/tensorflow/commit/46e7f7fb1...

vendor-advisory

CVSS V3.0

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 13, 2026

JSON

Tensorflow

What is CVE-2026-2492?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.