AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41217: TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flo

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41217

Summary

TensorFlow, an open source machine learning platform, has a vulnerability where the code that builds a control flow graph (the structure representing how data moves through a model) crashes when it assumes paired nodes exist but they don't. When the first node in a pair is missing, the code tries to use a null pointer (a reference to nothing), causing the program to crash.

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. The fix will also be backported (applied to older versions still receiving updates) in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41217

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%