CVE-2021-35958: TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True
Summary
TensorFlow versions through 2.5.0 contain a path traversal weakness in tf.keras.utils.get_file when it is called with extract=True. The function extracts the downloaded archive without validating member paths, so an archive whose member names contain "../" sequences or absolute paths can write files outside the intended extraction directory and overwrite any file the calling process may write. The vendor's position is that get_file is not designed to handle untrusted archives: the practical mitigation is to fetch only from origins you control and to pin the expected digest with get_file's file_hash argument so a substituted or tampered archive is rejected before extraction.
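The following is an added example, not TensorFlow or Keras source. It assumes, as the affected extract=True path did, that an archive is passed straight to Python's tarfile extractall() with no inspection of member names. It builds a constructed tar in memory with one member named "../../escaped.txt", shows that unchecked extraction writes that file two directories above the target, and pairs it with an extractor that resolves every member (and link target) against the destination and refuses the whole archive if anything escapes. Everything runs inside a temporary directory, so the "escape" lands inside that directory and nothing on the real filesystem is touched.

```python
# Added example for CVE-2021-35958: archive path traversal through extractall().
# Illustrative code, not TensorFlow/Keras source. It assumes the vulnerable pattern
# was "hand the downloaded archive to tarfile.extractall() without checking names".
import io
import os
import tarfile
import tempfile


def build_tar(members: dict) -> bytes:
    """Build a tar archive in memory from {member_name: payload_bytes} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed malicious archive: a benign cover file plus a member whose name
# climbs two levels above whatever directory the extractor is pointed at.
MALICIOUS = {
    "dataset/README": b"looks legitimate\n",
    "../../escaped.txt": b"owned\n",
}


def unsafe_extract(archive: bytes, dest: str) -> None:
    """Extract with no member validation: the pattern the vulnerable code relied on."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        if hasattr(tarfile, "fully_trusted_filter"):
            # Python 3.12+ (and security backports) ship extraction filters;
            # request the old, unfiltered behaviour explicitly for the demonstration.
            tar.extractall(dest, filter="fully_trusted")
        else:
            tar.extractall(dest)


def escaping_members(archive: bytes, dest: str) -> list:
    """Return names of members that would land outside dest (traversal, absolute paths, escaping links)."""
    root = os.path.realpath(dest)

    def inside(path: str) -> bool:
        return os.path.commonpath([root, os.path.realpath(path)]) == root

    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for m in tar.getmembers():
            target = os.path.join(root, m.name)  # an absolute m.name discards root here
            if not inside(target):
                bad.append(m.name)
            elif m.issym() and not inside(os.path.join(os.path.dirname(target), m.linkname)):
                bad.append(m.name)  # symlink pointing out of the tree
            elif m.islnk() and not inside(os.path.join(root, m.linkname)):
                bad.append(m.name)  # hard link to a file outside the tree
    return bad


def safe_extract(archive: bytes, dest: str) -> None:
    """Refuse the whole archive if any member escapes, then extract with the 'data' filter when available."""
    bad = escaping_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract members escaping {dest}: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)


def demo() -> dict:
    """Run both extractors against the constructed archive inside a throwaway directory."""
    archive = build_tar(MALICIOUS)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Target sits two levels below tmp so the '../../' escape still lands inside tmp.
        dest = os.path.join(tmp, "cache", "datasets")
        os.makedirs(dest)
        unsafe_extract(archive, dest)
        results["unsafe_wrote_outside"] = os.path.isfile(os.path.join(tmp, "escaped.txt"))
        results["flagged"] = escaping_members(archive, dest)
        try:
            safe_extract(archive, os.path.join(tmp, "other"))
            results["safe_refused"] = False
        except ValueError:
            results["safe_refused"] = True
        benign_dest = os.path.join(tmp, "benign")
        os.makedirs(benign_dest)
        safe_extract(build_tar({"dataset/README": b"ok\n"}), benign_dest)
        results["benign_extracted"] = os.path.isfile(os.path.join(benign_dest, "dataset", "README"))
    return results


if __name__ == "__main__":
    print(demo())
```

The check resolves paths with realpath before comparing, so "a/../../x", absolute names and links are all caught by the same commonpath test; rejecting the whole archive rather than skipping bad members avoids extracting a partially attacker-controlled tree. Zip archives are a separate case: Python's zipfile already strips leading slashes and ".." components from member names on extraction, so the unchecked-name problem shown here is specific to tar.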
Vulnerability Details
CVSS v3 base score: 9.1 (Critical)
EPSS: 1.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-35958
First tracked: February 15, 2026 at 08:39 PM