PatchSiren

TensorFlow CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH TensorFlow CVE published 2026-02-20

CVE-2026-2492

CVE-2026-2492 is a local privilege escalation vulnerability in the TensorFlow HDF5 library. The vulnerability exists due to the library loading plugins from an unsecured location, allowing an attacker to execute arbitrary code in the context of a target user. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability has [truncated]