CVE-2021-41211: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in its shape inference code for the `QuantizeV2` function that allows reading memory outside of the intended boundaries (heap OOB read, or out-of-bounds read) when the `axis` parameter is given a negative value less than -1. This happens because the code doesn't properly validate that negative axis values stay within acceptable bounds before accessing memory.
Solution / Mitigation
The fix will be included in TensorFlow 2.7.0. The fix will also be applied to TensorFlow 2.6.1, as this is the only other version affected.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41211
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%