CVE-2021-37664: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from ou
Summary
TensorFlow (an open-source platform for machine learning) has a vulnerability in which an attacker can read data from outside the intended memory area by passing specially crafted invalid arguments to the function `BoostedTreesSparseCalculateBestFeatureSplit`. The problem occurs because the code does not properly check that input values are within valid ranges.
Solution / Mitigation
The issue was patched in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378. The fix is included in TensorFlow 2.6.0 and will be backported (applied retroactively) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
Vulnerability Details
7.3 (high)
EPSS: 0.0%
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37664
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%