CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Summary
TensorFlow, an open source machine learning framework, has a vulnerability in its shape inference for the `Dequantize` operation where the `axis` argument is not properly validated. An attacker can provide an unexpectedly large `axis` value that causes an integer overflow (when a number becomes too large and wraps around to a negative or incorrect value) when the code adds 1 to it.
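The overflow described above and a bounds check that avoids it, as an added C++ example that is not TensorFlow's code or its patch. `CheckAxis`, `AxisCheck`, `kUnknownRank` and the convention that `axis == -1` means "no axis" are assumptions of this example.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>

// Hypothetical names for this example; not TensorFlow identifiers.
constexpr int32_t kUnknownRank = -1;  // rank not known at inference time

struct AxisCheck {
  bool ok;
  int32_t min_rank;   // rank the input must have (axis + 1); valid only if ok
  std::string error;
};

// What `axis + 1` yields when 32-bit arithmetic wraps. The signed addition
// itself is undefined behaviour at INT32_MAX, so the wrap is modelled with
// unsigned arithmetic to avoid undefined behaviour in this example.
int32_t WrappedAxisPlusOne(int32_t axis) {
  return static_cast<int32_t>(static_cast<uint32_t>(axis) + 1u);
}

// Validate axis before any arithmetic is done on it.
// Assumption: axis == -1 means "no axis", anything below that is invalid.
AxisCheck CheckAxis(int32_t axis, int32_t input_rank) {
  if (axis < -1) return {false, 0, "axis must be >= -1"};
  if (axis == -1) return {true, 0, ""};
  if (input_rank != kUnknownRank) {
    // Comparing against the rank needs no addition, so nothing can overflow.
    if (axis >= input_rank) return {false, 0, "axis must be < input rank"};
  } else if (axis == std::numeric_limits<int32_t>::max()) {
    return {false, 0, "axis + 1 would overflow"};
  }
  return {true, axis + 1, ""};  // safe: axis < INT32_MAX on every path here
}

int main() {
  const int32_t big = std::numeric_limits<int32_t>::max();
  std::cout << "wrapped axis + 1: " << WrappedAxisPlusOne(big) << "\n";
  const AxisCheck cases[] = {CheckAxis(big, 4), CheckAxis(3, 4),
                             CheckAxis(4, 4), CheckAxis(big, kUnknownRank)};
  for (const AxisCheck& c : cases)
    std::cout << (c.ok ? "ok, min rank " + std::to_string(c.min_rank)
                       : "rejected: " + c.error) << "\n";
  return 0;
}
```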
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. It will also be backported (applied to earlier versions) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.
Vulnerability Details
7.6 (high)
EPSS: 0.3%
Related Issues
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
CVE-2024-35199: TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21727
First tracked: February 15, 2026 at 08:40 PM