CVE-2021-41226: TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount`
Summary
TensorFlow, an open source platform for machine learning, has a vulnerability in its `SparseBinCount` function that allows heap OOB access (out-of-bounds memory access, where a program reads data outside the memory it's allowed to use) because it doesn't validate that the `values` argument matches the shape of the sparse output. This bug could let attackers crash the system or potentially read sensitive data from memory.
Solution / Mitigation
The fix is included in TensorFlow 2.7.0 and has been backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4. Users should update to one of these patched versions.
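A way to triage an inventory against the fixed releases listed above, as an added example that is not part of the original advisory or TensorFlow's own code. The function names, status labels and sample host names are hypothetical; the handling of pre-releases and of branches older than 2.4 is an assumption of the example, since the page does not cover them.

```python
import re

# Fixed releases exactly as listed in the mitigation text above.
BACKPORTS = {(2, 4): (2, 4, 4), (2, 5): (2, 5, 2), (2, 6): (2, 6, 1)}
FIRST_FIXED = (2, 7, 0)

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(.*)$")


def patch_status(version: str) -> str:
    """Classify a TensorFlow version string against the listed fixed releases."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # nightly tags, truncated strings, etc.
    release = tuple(int(part) for part in m.group(1, 2, 3))
    # Drop a local build tag ("+nv21.10"); it does not change the upstream release.
    public_suffix = m.group(4).split("+")[0]
    prerelease = re.search(r"a|b|rc|dev", public_suffix) is not None

    if release >= FIRST_FIXED:
        fixed = FIRST_FIXED
    elif release[:2] in BACKPORTS:
        fixed = BACKPORTS[release[:2]]
    else:
        # Assumption: the page lists no fixed release for this branch and does
        # not say whether it is affected, so report that instead of guessing.
        return "no-fix-listed"

    if release > fixed:
        return "patched"  # assumes later releases keep the fix
    if release == fixed:
        # The page does not say whether pre-releases of a fixed version carry the fix.
        return "unknown" if prerelease else "patched"
    return "needs-upgrade"


def audit(inventory: dict) -> dict:
    """Map each host in a {host: version} inventory to its patch status."""
    return {host: patch_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"train-01": "2.6.0", "serve-02": "2.5.2", "gpu-03": "2.4.4+nv21.10"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

On a live host the input string can be taken from `tensorflow.__version__`.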
Vulnerability Details
Severity score: 7.1 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41226
First tracked: February 15, 2026 at 08:40 PM