ByteOS Network

NVD Vulnerability Details :

CVE-2026-2492

Awaiting Analysis

Source-zdi-disclosures@trendmicro.com

Published At-20 Feb, 2026 | 23:16

Updated At-23 Feb, 2026 | 18:13

TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25480.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.0	7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.0

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-427	Primary	zdi-disclosures@trendmicro.com

CWE ID: CWE-427

Type: Primary

Source: zdi-disclosures@trendmicro.com

References

Hyperlink	Source	Resource
https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082	zdi-disclosures@trendmicro.com	N/A
https://www.zerodayinitiative.com/advisories/ZDI-26-116/	zdi-disclosures@trendmicro.com	N/A

Hyperlink: https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082

Source: zdi-disclosures@trendmicro.com

Resource: N/A

Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-26-116/

Source: zdi-disclosures@trendmicro.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History