CVE-2021-37658: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi
Summary
TensorFlow, a machine learning platform, has a vulnerability in its MatrixSetDiagV operations: an attacker can cause undefined behavior (unpredictable program crashes or errors) by passing an empty tensor (a data structure with no elements) as input. The code does not properly validate that the input tensor has at least one element before trying to access it.
Solution / Mitigation
The issue was patched in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix is included in TensorFlow 2.6.0 and will be backported (applied to older versions still receiving support) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
Vulnerability Details
7.1 (high)
EPSS: 0.0%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37658
First tracked: February 15, 2026 at 08:39 PM