CVE-2021-29606: TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where a maliciously designed model can trigger an OOB read (out-of-bounds read, accessing memory outside the intended data area) on the heap when the `Split_V` operation receives an invalid axis value that falls outside the expected range.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to earlier versions still receiving support) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29606
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%