CVE-2026-2492 — Uncontrolled Search Path Element in Tensorflow
Severity
7.0HIGHNVD
EPSS
0.0%
top 95.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 20
Latest updateFeb 21
Description
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability t…
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-9xmv-j327-gw5g: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability↗2026-02-21
OSV▶
CVE-2026-2492: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability↗2026-02-20
CVEList▶
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability↗2026-02-20
📋Vendor Advisories
3Red Hat▶
tensorflow: TensorFlow: Local privilege escalation via uncontrolled search path for plugins↗2026-02-20
Microsoft▶
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability↗2026-02-10
Debian▶
CVE-2026-2492: tensorflow - TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalat...↗2026