AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41214: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged

highvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41214

Summary

TensorFlow, an open source machine learning platform, has a bug in its shape inference code for the `tf.ragged.cross` function where it tries to use a null pointer (a reference to nothing), causing undefined behavior. The vulnerability is caused by accessing an uninitialized pointer (a memory location that hasn't been set up yet).

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. Patches will also be backported (applied to earlier versions) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-824 CWE-824

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41214

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 92%