CVE-2022-41900: TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool
Summary
TensorFlow (an open source machine learning platform) has a security vulnerability in its FractionalMaxPool and FractionalAvgPool functions when given invalid pooling_ratio values. Attackers can exploit this to access heap memory (the computer's temporary storage area outside normal program control), potentially causing the system to crash or allowing remote code execution (running harmful commands on someone else's computer).
Solution / Mitigation
The vulnerability was patched in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0, and the patch will also be applied to TensorFlow 2.10.1.
Vulnerability Details
7.1(high)
EPSS: 1.3%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41900
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 92%