CVE-2021-37659: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable or unsafe program execution) by exploiting binary cwise operations (element-wise math operations between two arrays) that don't check if their inputs have the same size. This missing check allows the program to read from invalid memory locations and crash or behave unexpectedly.
Solution / Mitigation
The issue was patched in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to earlier versions still receiving support) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.3(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37659
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%