CVE-2021-41216: TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Trans
Summary
TensorFlow (an open source platform for machine learning) contains a vulnerability in its shape inference function for the `Transpose` operation where negative values in the `perm` parameter can cause a heap buffer overflow (writing data outside the intended memory boundaries). The issue stems from insufficient validation of the indices in `perm` before they are processed.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. Users of affected versions should upgrade to TensorFlow 2.7.0 or the patched versions: TensorFlow 2.6.1, TensorFlow 2.5.2, or TensorFlow 2.4.4.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41216
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%