AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37666: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi

highvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37666

Summary

TensorFlow, an open source machine learning platform, has a vulnerability (CVE-2021-37666) where attackers can cause undefined behavior (unpredictable program crashes or errors) by exploiting incomplete validation in the RaggedTensorToVariant function. The flaw occurs when the function receives empty input values that it doesn't properly check for.

Solution / Mitigation

The issue has been patched in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow 2.6.0, and will also be back-ported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-824

Affected Vendors

Google

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 92%