CVE-2021-37682: TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that u
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where operations using quantization (a technique that reduces model size by using lower-precision numbers) can accidentally use uninitialized values because the code doesn't properly check whether quantization settings are valid before using them. This could cause unpredictable behavior in machine learning models running on mobile or embedded devices.
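The unchecked and checked access patterns the summary describes, as an added example that is not TensorFlow's code and is not part of the original advisory. The types, field names and functions (`Quantization`, `AffineParams`, `scale_checked`) are simplified, hypothetical stand-ins for a tensor's quantization metadata, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified tensor metadata; not TensorFlow's definitions. */
typedef enum { QUANT_NONE = 0, QUANT_AFFINE = 1 } QuantType;
typedef struct {
    size_t count;           /* number of per-channel entries */
    const float *scale;     /* count scale factors */
    const int *zero_point;  /* count zero points */
} AffineParams;
typedef struct {
    QuantType type;
    const AffineParams *params; /* meaningful only when type != QUANT_NONE */
} Quantization;

/* Unchecked pattern: trusts params whatever the type says. For a tensor
 * marked QUANT_NONE nothing ever filled params in, so this reads garbage. */
float scale_unchecked(const Quantization *q) {
    return q->params->scale[0];
}

/* Checked pattern: validate every field the kernel is about to read.
 * Returns true and writes *out only when the metadata is usable. */
bool scale_checked(const Quantization *q, size_t channel, float *out) {
    if (q == NULL || out == NULL) return false;
    if (q->type != QUANT_AFFINE) return false;   /* params not valid */
    const AffineParams *p = q->params;
    if (p == NULL || p->scale == NULL || p->zero_point == NULL) return false;
    if (channel >= p->count) return false;       /* per-channel bounds */
    *out = p->scale[channel];
    return true;
}

/* Constructed sample inputs. */
static const float k_scales[] = {0.5f, 0.25f};
static const int k_zero_points[] = {0, 128};
static const AffineParams k_affine = {2, k_scales, k_zero_points};

bool demo_valid(float *out) {
    Quantization q = {QUANT_AFFINE, &k_affine};
    return scale_checked(&q, 1, out);
}
bool demo_unquantized(float *out) {
    Quantization q = {QUANT_NONE, NULL};  /* model declares no quantization */
    return scale_checked(&q, 0, out);
}
int main(void) {
    float s = 0.0f;
    printf("valid=%d unquantized=%d\n", demo_valid(&s), demo_unquantized(&s));
    return 0;
}
```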
Solution / Mitigation
The issue has been patched in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5, and 8933b8a21280696ab119b63263babdb54c298538. The fix is included in TensorFlow 2.6.0 and has been backported to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
Vulnerability Details
4.4 (medium)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37682
First tracked: February 15, 2026 at 08:39 PM