What is CVE-2026-2492?

CVE-2026-2492 is a high-severity vulnerability in Tensorflow, classified under Uncontrolled Search Path Element. CVSS score: 7.0/10. Published 2026-02-20.

How severe is CVE-2026-2492?

High severity. CVSS v3 base score is 7.0 out of 10.

Vulnerability in Tensorflow

CVE-2026-2492

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the…

EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tensorflow — versions 2.17.0

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

ZDI-26-116 (x_research-advisory)
vendor-provided URL (vendor-advisory)

Frequently asked questions

What is CVE-2026-2492?: CVE-2026-2492 is a high-severity vulnerability in Tensorflow, classified under Uncontrolled Search Path Element. CVSS score: 7.0/10. Published 2026-02-20.
How severe is CVE-2026-2492?: High severity. CVSS v3 base score is 7.0 out of 10.