CVE-2021-29609: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in a
Summary
TensorFlow's `SparseAdd` function (a tool for adding sparse tensors, which are data structures with mostly empty values) has incomplete validation that allows attackers to cause undefined behavior like accessing null memory or writing data outside allocated memory bounds. The vulnerability exists because the code doesn't properly check if tensors are empty or if their dimensions match, letting attackers send invalid sparse tensors that exploit unprotected assumptions.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0 and will be cherry-picked (backported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
5.3(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29609
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%