CVE-2021-29607: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in a
Summary
TensorFlow, an open-source machine learning platform, has a bug in its `SparseAdd` function where it doesn't fully check the validity of sparse tensors (data structures that efficiently store mostly empty matrices). This allows attackers to send malformed tensors that can cause the program to crash or write data to unintended memory locations.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. Patches will also be available in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
5.3(medium)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29607
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%