CVE-2021-41225: TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a u
medium
vulnerability
security
Summary
TensorFlow's Grappler optimizer (the part of TensorFlow that improves how machine learning models run) has a bug where a variable called `dequeue_node` is never initialized if a saved model doesn't contain a specific type of operation called a `Dequeue` node. This uninitialized variable could cause the optimizer to behave unpredictably or crash.
Solution / Mitigation
Update to TensorFlow 2.7.0 or later. If you need to stay on an earlier release line, update to TensorFlow 2.6.1, 2.5.2, or 2.4.4, which will include the fix through a cherry-pick (a backport of the specific fix to older versions).
Vulnerability Details
CVSS Score
5.5 (medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41225
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%