CVE-2021-37671: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in its Map and OrderedMap operations: an attacker can cause undefined behavior (unpredictable or dangerous program actions) because a check for empty indices is missing. The code checks that the indices are in order but does not verify that any exist, a gap that can lead to a reference being bound to a null pointer (an attempt to use memory that hasn't been allocated).
Solution / Mitigation
The fix is included in TensorFlow 2.6.0 and was cherry-picked into TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4. Users of affected versions should update to one of these patched releases.
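One way to check an inventory against the patched releases listed above, as an added example that is not part of the original advisory or of TensorFlow itself. The host names and versions are constructed; treating release candidates of a fixed version, and release lines with no listed backport, as lacking the fix are assumptions.

```python
import re

# Patched releases named in the advisory: 2.6.0, plus cherry-picks into the
# 2.5, 2.4 and 2.3 release lines (first fixed patch number per line).
FIXED_MAINLINE = (2, 6, 0)
FIRST_FIXED_PATCH = {(2, 5): 1, (2, 4): 3, (2, 3): 4}


def parse_version(text):
    """Split 'X.Y.Z<suffix>' into ((X, Y, Z), is_prerelease)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(\S*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # rc/a/b/dev suffixes mark builds cut before the final release;
    # local tags ('+cpu') and '.postN' do not.
    is_pre = bool(re.match(r"[-.]?(a|b|rc|dev)", m.group(4)))
    return tuple(int(g) for g in m.group(1, 2, 3)), is_pre


def has_fix(version_text):
    """True if this version is a listed patched release or later on its line."""
    release, is_pre = parse_version(version_text)
    if release > FIXED_MAINLINE:
        return True
    if release == FIXED_MAINLINE:
        return not is_pre  # assumption: do not trust 2.6.0 release candidates
    first_fixed = FIRST_FIXED_PATCH.get(release[:2])
    if first_fixed is None:
        return False  # no backport listed for this line (e.g. 2.2.x)
    return release[2] > first_fixed or (release[2] == first_fixed and not is_pre)


def hosts_needing_upgrade(inventory):
    """Return the sorted host names whose TensorFlow build lacks the fix."""
    return sorted(host for host, ver in inventory.items() if not has_fix(ver))


# Constructed sample inventory (host -> tensorflow.__version__), not real data.
SAMPLE_INVENTORY = {
    "train-01": "2.6.0", "train-02": "2.5.0", "serve-01": "2.4.3",
    "serve-02": "2.3.3", "lab-01": "2.6.0rc1", "lab-02": "2.2.1",
}

if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: upgrade TensorFlow ({SAMPLE_INVENTORY[host]})")
```

The comparison is done on integer tuples so that a release such as 2.10.0 sorts after 2.6.0, which a plain string comparison would get wrong.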
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37671
First tracked: February 15, 2026 at 08:39 PM