CVE-2021-37685: TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where a negative `axis` parameter value can cause the software to read data outside the intended memory area. This could potentially expose sensitive information or crash the program.
Solution / Mitigation
The issue was patched in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257. The fix is included in TensorFlow 2.6.0 and was also applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37685
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%