CVE-2020-15196: In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate
Summary
TensorFlow version 2.3.0 has a vulnerability in two functions, `SparseCountSparseOutput` and `RaggedCountSparseOutput`, that don't check whether the weights tensor (a data structure with values and their positions) matches the shape of the main data being processed. This missing validation allows an attacker to read data outside the intended memory area by providing fewer weights than data values, potentially exposing sensitive information from the computer's memory.
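The missing check described above, shown on a simplified 1-D stand-in as an added example (not TensorFlow's kernel code and not the code from the patch commit): `WeightedCountUnchecked` indexes the weights by position in the values, while `WeightedCountChecked` rejects mismatched inputs before touching any element. The struct, the function names and the treatment of empty weights as "unweighted" are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Simplified 1-D stand-in for a weighted count op (hypothetical names):
// values[i] is a bucket id, weights[i] is the amount added to that bucket.
struct CountResult {
  bool ok;
  std::string error;
  std::map<int64_t, float> counts;
};

// Unchecked form: the loop bound comes from values, so w[i] reads past the
// end of the weights buffer whenever weights is shorter than values.
CountResult WeightedCountUnchecked(const std::vector<int64_t>& values,
                                   const std::vector<float>& weights) {
  CountResult r{true, "", {}};
  const float* w = weights.data();
  for (std::size_t i = 0; i < values.size(); ++i) r.counts[values[i]] += w[i];
  return r;
}

// Checked form: reject mismatched inputs before any element is indexed.
// Assumption: an empty weights vector means "unweighted" (each value adds 1).
CountResult WeightedCountChecked(const std::vector<int64_t>& values,
                                 const std::vector<float>& weights) {
  const bool use_weights = !weights.empty();
  if (use_weights && weights.size() != values.size()) {
    return {false, "weights and values must have the same shape", {}};
  }
  CountResult r{true, "", {}};
  for (std::size_t i = 0; i < values.size(); ++i) {
    r.counts[values[i]] += use_weights ? weights[i] : 1.0f;
  }
  return r;
}

int main() {
  // Constructed input: three values but only one weight.
  CountResult r = WeightedCountChecked({1, 1, 2}, {0.5f});
  std::printf("ok=%d error=%s\n", r.ok, r.error.c_str());
  return r.ok ? 1 : 0;
}
```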
Solution / Mitigation
The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. Users should upgrade to version 2.3.1 or later.
Vulnerability Details
8.5 (high)
EPSS: 0.3%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-15196
First tracked: February 15, 2026 at 08:38 PM