CVE-2021-37656: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi
Summary
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable program crashes or errors) by exploiting incomplete validation in the `tf.raw_ops.RaggedTensorToSparse` function. The function fails to check that split values are in increasing order, allowing an attacker to bind a reference to a null pointer (a reference to an empty memory location).
Solution / Mitigation
The issue has been patched in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece. The fix will be included in TensorFlow 2.6.0, and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37656
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%