CVE-2021-41212: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged
high · vulnerability
security
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in its shape inference code for the `tf.ragged.cross` function that allows reading data outside the bounds of allocated memory (an out-of-bounds read, which can cause crashes or expose sensitive data). The vulnerability affects multiple versions of TensorFlow and has been patched in newer releases.
Solution / Mitigation
The fix is included in TensorFlow 2.7.0. For users on earlier versions, patches were also released for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are still in the supported range.
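A version check against the fixed releases listed above, as an added example that is not code from the advisory or from TensorFlow. The function names and the sample inventory are constructed for illustration. It assumes a pre-release of a fixed version does not count as fixed, and it reports release lines older than 2.4 as having no listed backport.

```python
import re

# Fixed patch level per release line, taken from the advisory text above.
BACKPORTS = {(2, 4): 4, (2, 5): 2, (2, 6): 1}
FIRST_FIXED = (2, 7, 0)  # 2.7.0 and later carry the fix

def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for strings like '2.6.0rc1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    pre = bool(re.match(r"[-.]?(rc|a|b|dev)", m.group(4), re.I))
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), pre

def classify(version):
    """Return (status, target): status is 'patched', 'upgrade' or 'no-backport'."""
    major, minor, patch, pre = parse_version(version)
    if (major, minor, patch) >= FIRST_FIXED:
        # Assumption: a pre-release of 2.7.0 itself is not counted as fixed.
        if (major, minor, patch) == FIRST_FIXED and pre:
            return "upgrade", "2.7.0"
        return "patched", None
    fixed_patch = BACKPORTS.get((major, minor))
    if fixed_patch is None:  # no patched release is listed for this line
        return "no-backport", "2.7.0"
    if patch > fixed_patch or (patch == fixed_patch and not pre):
        return "patched", None
    return "upgrade", f"{major}.{minor}.{fixed_patch}"

def audit(inventory):
    """Return {host: (version, status, target)} for hosts that need action."""
    findings = {}
    for host, version in inventory.items():
        status, target = classify(version)
        if status != "patched":
            findings[host] = (version, status, target)
    return findings

# Constructed inventory for illustration (host names are made up).
SAMPLE_INVENTORY = {
    "train-01": "2.6.0", "train-02": "2.6.1",
    "serve-01": "2.5.2rc0", "serve-02": "2.3.4",
    "lab-01": "2.7.0+cpu",
}

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, *finding)
```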
Vulnerability Details
CVSS Score
7.1 (high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
confidentiality, availability
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41212
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%