Cyber Resilience

CVE-2026-34734

HighPublic PoC

Published: 09 April 2026

Published
09 April 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0002 5.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34734 is a high-severity Use After Free (CWE-416) vulnerability in Hdfgroup Hdf5. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34734 is a heap-use-after-free vulnerability (CWE-416) affecting the h5dump helper utility in HDF5 versions 1.14.1-2 and earlier. HDF5 is software for managing data, and the flaw arises when processing a malicious .h5 file. Specifically, an object allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term is improperly referenced in a memmove call from H5T__conv_struct, leading to the use-after-free condition. The vulnerability was published on 2026-04-09 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires local access with low attack complexity and no privileges, but relies on user interaction, such as convincing a user to run h5dump on a supplied malicious .h5 file. A successful attacker can achieve high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system compromise on the affected machine.

The primary reference is the security advisory published by the HDF Group at https://github.com/HDFGroup/hdf5/security/advisories/GHSA-w7v2-9cmr-pwwj, which security practitioners should review for details on available patches and recommended mitigations.

EU & UK References

Vulnerability details

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a…

more

memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap use-after-free in h5dump enables arbitrary code execution when processing a malicious .h5 file, directly facilitating T1203 (Exploitation for Client Execution) and T1204.002 (Malicious File) via user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-26200Same product: Hdfgroup Hdf5
CVE-2025-2153Same product: Hdfgroup Hdf5
CVE-2025-2309Same product: Hdfgroup Hdf5
CVE-2025-2310Same product: Hdfgroup Hdf5
CVE-2025-2308Same product: Hdfgroup Hdf5
CVE-2026-27309Shared CWE-416
CVE-2025-21345Shared CWE-416
CVE-2025-21159Shared CWE-416
CVE-2025-24079Shared CWE-416
CVE-2026-27292Shared CWE-416

Affected Assets

hdfgroup
hdf5
≤ 1.14.1-2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the heap-use-after-free vulnerability by requiring timely patching of the affected HDF5 h5dump utility as per vendor advisories.

prevent

Implements memory protection mechanisms such as ASLR and DEP that directly minimize the exploitability of heap use-after-free conditions in h5dump.

detect

Enables vulnerability scanning to identify and prioritize remediation of the specific CVE-2026-34734 in deployed HDF5 versions.

References