CVE-2021-41201: TensorFlow is an open source platform for machine learning. In affected versions during execution, `EinsumHelper::ParseEq
Summary
TensorFlow, an open source machine learning platform, has a bug in the `EinsumHelper::ParseEquation()` function where it fails to properly initialize certain flags (variables that track whether ellipsis notation is used in inputs and outputs). The function only sets these flags to true but never to false, which can cause the program to read uninitialized memory (garbage values) if code calling this function assumes the flags are always set correctly.
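The flag pattern described in the summary, as an added C++ example that is not TensorFlow's code: a set-only parser beside one that writes its flags on every path. All names (`ParseFlagsSetOnly`, `ParseFlagsAlwaysInit`, `RunWithStale`, `Flags`) and the simplified `input->output` equation form are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>

// Hypothetical, simplified stand-in for an equation parser with out-flags.
// Assumed equation form: "<inputs>-><output>", e.g. "a...b->...b".
static bool HasEllipsis(const std::string& s) {
  return s.find("...") != std::string::npos;
}

// Flawed shape: each flag is written only on the "true" path, so a caller
// that did not pre-initialize it reads whatever was there before.
void ParseFlagsSetOnly(const std::string& eq, bool* in_has_ellipsis,
                       bool* out_has_ellipsis) {
  const auto arrow = eq.find("->");
  if (HasEllipsis(eq.substr(0, arrow))) *in_has_ellipsis = true;
  if (arrow != std::string::npos && HasEllipsis(eq.substr(arrow + 2)))
    *out_has_ellipsis = true;
}

// Hardened shape: the callee writes both flags on every path.
void ParseFlagsAlwaysInit(const std::string& eq, bool* in_has_ellipsis,
                          bool* out_has_ellipsis) {
  *in_has_ellipsis = false;
  *out_has_ellipsis = false;
  ParseFlagsSetOnly(eq, in_has_ellipsis, out_has_ellipsis);
}

struct Flags { bool in; bool out; };

// Pre-fills the flags with `stale`, a deterministic stand-in for
// indeterminate stack contents (reading a truly uninitialized bool is
// undefined behaviour and cannot be shown portably).
template <typename Parser>
Flags RunWithStale(Parser parse, const std::string& eq, bool stale) {
  Flags f{stale, stale};
  parse(eq, &f.in, &f.out);
  return f;
}

int main() {
  // Constructed input: an equation with no ellipsis anywhere.
  Flags bad = RunWithStale(ParseFlagsSetOnly, "ab,bc->ac", true);
  Flags good = RunWithStale(ParseFlagsAlwaysInit, "ab,bc->ac", true);
  std::printf("set-only:    in=%d out=%d\n", bad.in, bad.out);
  std::printf("always-init: in=%d out=%d\n", good.in, good.out);
  return 0;
}
```

With the set-only parser the stale `true` survives the call and the caller believes an ellipsis is present; the always-init parser reports `false` regardless of what the caller's variables held.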
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The fix will also be backported (cherry-picked) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
Vulnerability Details
7.8 (high)
EPSS: 0.0%
Classification
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41201
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%