CVE-2022-23560: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited r
Summary
TensorFlow, an open-source machine learning framework, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices). An attacker can craft a model that allows limited reads and writes outside of arrays, because validation is missing during conversion from sparse tensors (data structures with mostly empty values) to dense tensors (fully populated data structures). The vulnerability affects multiple versions of TensorFlow.
Solution / Mitigation
Upgrade to TensorFlow 2.8.0. For users on earlier supported versions, patches are also available in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3. Users are advised to upgrade as soon as possible.
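To check an inventory against the fixed releases listed above, the following added example (not code from TensorFlow or from this advisory) classifies a version string per release line. It assumes release lines newer than 2.8 already include the fix and reports pre-release builds of a fixed version as unverified; the host names are hypothetical.

```python
import re
from importlib import metadata

# Fixed releases named in the advisory above, keyed by (major, minor) release line.
FIXED_PATCH = {(2, 5): 3, (2, 6): 3, (2, 7): 1, (2, 8): 0}
NEWEST_LISTED = max(FIXED_PATCH)

def parse_version(text):
    """Split 'X.Y.Z[suffix]' into ((X, Y), Z, is_prerelease)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # rc/dev/alpha/beta builds are cut before the final release of that number.
    prerelease = re.match(r"[-.]?(rc|dev|a|b)\d*", m.group(4)) is not None
    return (major, minor), patch, prerelease

def fix_status(text):
    """Return 'patched', 'unpatched' or 'unverified' for one version string."""
    line, patch, prerelease = parse_version(text)
    if line > NEWEST_LISTED:
        return "patched"      # assumption: lines after 2.8 start from fixed code
    if line not in FIXED_PATCH:
        return "unpatched"    # older line: the advisory names no fixed release
    fixed = FIXED_PATCH[line]
    if patch < fixed:
        return "unpatched"
    if patch == fixed and prerelease:
        return "unverified"   # e.g. 2.8.0rc0 may predate the fix
    return "patched"

if __name__ == "__main__":
    # Constructed inventory for illustration; host names are hypothetical.
    inventory = {"build-01": "2.7.0", "edge-02": "2.6.3", "lab-03": "2.8.0rc0"}
    for host, ver in inventory.items():
        print(f"{host}: tensorflow {ver} -> {fix_status(ver)}")
    # Also report whatever TensorFlow distribution is installed locally, if any.
    for dist in ("tensorflow", "tensorflow-cpu", "tensorflow-gpu"):
        try:
            local = metadata.version(dist)
            print(f"local {dist} {local} -> {fix_status(local)}")
        except metadata.PackageNotFoundError:
            pass
```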
Vulnerability Details
CVSS: 8.8 (high)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23560
First tracked: February 15, 2026 at 08:40 PM