CVE-2021-41221: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn
highvulnerability
security
Summary
TensorFlow (an open source machine learning platform) has a vulnerability where shape inference code for certain operations can be tricked into accessing invalid memory through a heap buffer overflow (where a program writes data beyond the allocated memory space). This happens because the code doesn't verify that certain input parameters have the correct structure before using them.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The patch will also be backported (adapted and released) for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.
Vulnerability Details
CVSS Score
7.8(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41221
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%