Description
TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25480.
Published: 2026-02-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Update
AI Analysis

Impact

The flaw resides in the TensorFlow HDF5 library's handling of plugin loading. An attacker who can run code with limited privileges can manipulate the search path for plugins, causing the library to load an attacker-controlled plugin from an unsecured location. This results in execution of arbitrary code with the privileges of the target user, enabling local privilege escalation.

Affected Systems

This vulnerability affects all installations of TensorFlow that use the HDF5 library to load plugins. No specific version ranges are supplied, so any TensorFlow release prior to the developers' security-fix commit should be considered vulnerable. The vendor product is TensorFlow.

Risk and Exploitability

The CVSS base score of 7.8 indicates a high severity issue. The EPSS score is reported as < 1 %, suggesting a very low probability of exploitation in the wild at this time. The vulnerability is not listed in the CISA KEV catalog, further indicating it is not a known exploited flaw. Exploitation requires an attacker to already have the ability to run code with low privileges on the host; from that position, manipulating the plugin search path permits escalation to higher privilege levels. The local nature of the attack limits the attack surface to machines where the user has some access, and the exploit chain does not rely on network exposure.

Generated by OpenCVE AI on April 16, 2026 at 16:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update TensorFlow to the latest release that includes the patch corresponding to commit 46e7f7fb.
  • Restrict the HDF5_PLUGIN_PATH environment variable or remove any writable directories from the search path to prevent loading of unauthorized plugins.
  • Apply system-level access controls such as SELinux or AppArmor to limit the execution rights of the TensorFlow process and the target user's file system permissions.
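As an added defensive check (this is not OpenCVE's or TensorFlow's code), the script below audits each directory listed in HDF5_PLUGIN_PATH, the variable named in the recommended actions, for the conditions that let an unprivileged user plant a plugin in a search-path entry (CWE-427): writable by other users, owned by another unprivileged account, relative, or not yet existing. It assumes a POSIX-style layout (colon-separated entries, root uid 0) and inspects only the variable, not HDF5's built-in default directory.

```python
import os
import stat
import sys

# HDF5 searches plugin directories in order and loads the first matching
# shared object, so every entry in the search path must be trustworthy.
SEPARATOR = ";" if sys.platform.startswith("win") else ":"

def classify_entry(path, st_mode, st_uid, current_uid):
    """Findings for one search-path directory, from its stat() results."""
    findings = []
    if not os.path.isabs(path):
        findings.append("relative path (resolved against the current directory)")
    if not stat.S_ISDIR(st_mode):
        findings.append("not a directory")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    elif st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st_uid not in (0, current_uid):
        findings.append("owned by another unprivileged user")
    return findings

def audit_plugin_path(value, stat_fn=os.stat, current_uid=None):
    """Map each entry of an HDF5_PLUGIN_PATH-style value to its findings."""
    if current_uid is None:
        current_uid = os.getuid() if hasattr(os, "getuid") else 0
    report = {}
    for entry in value.split(SEPARATOR):
        if not entry:
            report[entry] = ["empty entry"]
            continue
        try:
            st = stat_fn(entry)
        except OSError:
            # Missing directories count too: whoever controls the parent can
            # create one later and have the library load a plugin from it.
            report[entry] = ["does not exist or cannot be read"]
            continue
        report[entry] = classify_entry(entry, st.st_mode, st.st_uid, current_uid)
    return report

if __name__ == "__main__":  # audit the current process environment
    report = audit_plugin_path(os.environ.get("HDF5_PLUGIN_PATH", ""))
    for entry, findings in report.items():
        print(f"{entry or '<empty>'}: {', '.join(findings) or 'ok'}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it as the account that will execute TensorFlow; a non-zero exit means at least one search-path entry should be removed from the variable or have its ownership and permissions tightened.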

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 16:15:00 +0000
  Metrics, values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000
  First Time appeared, values added: Tensorflow; Tensorflow tensorflow
  Vendors & Products, values added: Tensorflow; Tensorflow tensorflow

Sat, 21 Feb 2026 12:15:00 +0000
  References: (values not captured)
  Metrics, values removed: threat_severity None
  Metrics, values added: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}; threat_severity Important

Fri, 20 Feb 2026 22:30:00 +0000
  Description, values added: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25480.
  Title, values added: TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
  Weaknesses, values added: CWE-427
  References: (values not captured)
  Metrics, values added: cvssV3_0 {'score': 7, 'vector': 'CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-28T04:55:41.592Z

Reserved: 2026-02-13T21:15:09.797Z

Link: CVE-2026-2492

Vulnrichment

Updated: 2026-02-24T15:12:23.325Z

NVD

Status: Deferred

Published: 2026-02-20T23:16:05.440

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2492

Redhat

Severity: Important

Public Date: 2026-02-20T22:22:54Z

Links: CVE-2026-2492 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T16:45:25Z

Weaknesses