CVE-2021-41223: TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm`
highvulnerability
security
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in its `FusedBatchNorm` kernels that allows heap OOB access (out-of-bounds memory reading, where a program tries to read data outside the memory space it's allowed to use). This bug affects multiple older versions of TensorFlow that are still supported.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The commit will also be cherry-picked (applied retroactively) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
Vulnerability Details
CVSS Score
7.1(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
AI Component TargetedFramework
Affected Vendors
Google
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41223
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%