CVE-2021-41203: TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behav
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability where attackers can cause crashes or undefined behavior (unpredictable program execution) by modifying saved checkpoints (saved states of a trained model) from outside the system, because the checkpoint loading code doesn't properly validate file formats. This affects multiple versions of TensorFlow that are still being supported.
Solution / Mitigation
The fixes will be included in TensorFlow 2.7.0. Additionally, patches will be cherry-picked (applied) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are also affected and still in the supported range.
Vulnerability Details
7.8(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41203
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%