CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTe
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in a function called `tf.raw_ops.RaggedTensorToTensor` that fails to properly validate (check) all input arguments. An attacker can cause undefined behavior (unpredictable crashes or memory access errors) by providing empty inputs, because the code only checks that one input isn't empty while skipping checks on the others.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4 will also receive the fix through cherrypicked commits, as these versions are affected and still supported.
Vulnerability Details
5.3(medium)
EPSS: 0.1%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29608
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%