AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41204: TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41204

Summary

TensorFlow, an open source machine learning platform, has a bug in its Grappler optimizer (the part that optimizes computational graphs) where constant folding (simplifying calculations before running them) incorrectly tries to copy resource tensors (special data structures that shouldn't be modified), causing the program to crash. The issue affects multiple versions of TensorFlow.

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. Updates will also be available in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-824 CWE-824

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41204

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 92%