AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41208: TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlo

highvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41208

Summary

TensorFlow's boosted trees code (a machine learning feature for building multiple decision trees together) lacks proper input validation, allowing attackers to crash the system (denial of service, where a service becomes unavailable), read sensitive data from memory, or write malicious data to memory buffers. The TensorFlow developers recommend stopping use of these APIs since the boosted trees code is no longer actively maintained.

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. Security patches will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

DoSData Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-824 CWE-476

Affected Vendors

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%