{"data":{"id":"e35b6061-1a45-4b0f-af69-d87c25c09aa5","title":"CVE-2020-26266: In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code","summary":"CVE-2020-26266 is a vulnerability in TensorFlow where saved models can accidentally use uninitialized values (memory locations that haven't been set to a starting value) during execution because certain floating point data types weren't properly initialized in the Eigen library (a math processing component). This is a use of uninitialized resource (CWE-908) type bug that could lead to unpredictable behavior when running affected models.","solution":"This vulnerability is fixed in TensorFlow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-26266","publishedAt":"2020-12-11T04:15:12.647Z","cveId":"CVE-2020-26266","cweIds":["CWE-908","CWE-908"],"cvssScore":"4.4","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00051,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}