CVE-2021-37635: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse
Summary
TensorFlow, a popular machine learning platform, has a bug in its sparse reduction operations (functions that combine data in a specific way) that can cause the software to access memory outside its allocated boundaries. The problem occurs because the code doesn't properly check that reduction groups stay within valid limits or that index values point to valid parts of the input data.
Solution / Mitigation
The issue was patched in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750. The fix is included in TensorFlow 2.6.0 and will be cherry-picked (backported to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.3(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37635
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%