CVE-2021-41206: TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missi
highvulnerability
security
Summary
TensorFlow, a machine learning platform, has a vulnerability (CVE-2021-41206) where certain operations don't properly check the size and dimensions of tensor arguments (the numerical arrays that machine learning models process). This missing validation can cause crashes, memory corruption (reads and writes to unintended memory locations), or other undefined behavior depending on which operation is affected.
Solution / Mitigation
The fixes will be included in TensorFlow 2.7.0. Patches will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
Vulnerability Details
CVSS Score
7(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41206
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%