CVE-2021-41228: TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is
Summary
TensorFlow's `saved_model_cli` tool (a command-line utility for working with machine learning models) has a code injection vulnerability because it runs `eval` on user-supplied strings, which could allow attackers to execute arbitrary code on the system. The risk is limited since the tool is only run manually by users, not automatically.
Solution / Mitigation
The developers patched this by adding a `safe` flag that defaults to `True` and an explicit warning for users. The fix is included in TensorFlow 2.7.0, and will also be backported (applied to older versions still being supported) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
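The difference between the two modes, as an added sketch that is not TensorFlow's code: the function name `parse_input_exprs` and the `key=<expr>;key=<expr>` input format are assumptions made for illustration, and `ast.literal_eval` stands in for the safe path because the page only says that a `safe` flag was added.

```python
import ast


def parse_input_exprs(exprs: str, safe: bool = True) -> dict:
    """Parse 'key=<expr>;key=<expr>' into a dict (hypothetical helper).

    safe=True  -> ast.literal_eval: accepts Python literals only
                  (numbers, strings, lists, dicts, tuples, ...).
    safe=False -> eval: the pre-fix behaviour, which evaluates any
                  expression the string contains.
    """
    result = {}
    for item in filter(None, exprs.split(";")):
        key, sep, expr = item.partition("=")
        if not sep:
            raise ValueError(f"expected key=<expr>, got {item!r}")
        key, expr = key.strip(), expr.strip()
        if safe:
            try:
                result[key] = ast.literal_eval(expr)
            except (ValueError, SyntaxError) as exc:
                # Function calls, names and attribute access end up here.
                raise ValueError(f"{key!r} is not a plain Python literal") from exc
        else:
            result[key] = eval(expr)  # runs whatever the caller supplied
    return result


# Constructed sample inputs.
LITERAL_INPUT = "x=[[1, 2], [3, 4]];y={'scale': 0.5}"
# Benign stand-in for attacker-controlled code: a call, not a literal.
CODE_INPUT = "x=[1, 2];y=__import__('os').getcwd()"

if __name__ == "__main__":
    print(parse_input_exprs(LITERAL_INPUT))           # literals pass in safe mode
    try:
        parse_input_exprs(CODE_INPUT)                 # safe mode rejects the call
    except ValueError as err:
        print("rejected:", err)
    print(parse_input_exprs(CODE_INPUT, safe=False))  # unsafe mode executes it
```
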
Vulnerability Details
7.5 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41228
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%