CVE-2021-41227: TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in Tenso
Summary
TensorFlow (an open source machine learning platform) has a vulnerability in the `ImmutableConst` operation that allows attackers to read arbitrary memory contents. The issue occurs because the operation doesn't properly handle a special type of string called `tstring` that can reference memory-mapped data.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The patch will also be backported (applied to older supported versions) in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
Vulnerability Details
6.6(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41227
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%