ZDI-26-122: PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

• Advisory Details PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-26-122ZDI-CAN-27788 This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. • An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. • The specific flaw exists within the TrackerUpdate process. • The product loads a library from an unsecured location. • An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. • Fixed in version 10.7.3.401https://www.pdf-xchange.com/product/pdf-xchange-editor/history#10.7.3.401 2025-09-16 - Vulnerability reported to vendor 2026-02-19 - Coordinated public release of advisory 2026-02-19 - Advisory Updated General Inquiries Find us on X Find us on Mastodon Media Inquiries Sensitive Email Communications Our Mission TrendAI TippingPoint IPS Process Researcher Rewards FAQS Privacy Published Advisories Upcoming Advisories RSS Feeds

Advisory Details TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability ZDI-26-116ZDI-CAN-25480 This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow.

Article Summaries:

• CVE ID | CVE-2026-2040 | CVSS SCORE | 7.3, AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | AFFECTED VENDORS | PDF-XChange | AFFECTED PRODUCTS | PDF-XChange Editor | VULNERABILITY DETAILS | This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate pr
• CVE ID | CVE-2026-2492 | CVSS SCORE | 7.0, AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | AFFECTED VENDORS | TensorFlow | AFFECTED PRODUCTS | TensorFlow | VULNERABILITY DETAILS | This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of plugins. The application loads plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and exec

Sources:

• http://www.zerodayinitiative.com/advisories/ZDI-26-122/
• http://www.zerodayinitiative.com/advisories/ZDI-26-116/ (Latest source article published: 2026-02-19 06:00 UTC)