AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41206: TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missi

highvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41206

Summary

TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-41206) where certain operations don't properly check the size and dimensions of tensor arguments (the numerical arrays that machine learning models process). This missing validation can cause crashes, memory corruption (reads and writes to unintended memory locations), or other undefined behavior depending on which operation is affected.

Solution / Mitigation

The fixes will be included in TensorFlow 2.7.0. Patches will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

7(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-354

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%