{"data":{"id":"0e1f9d60-d849-4f70-a1a7-0b1231b50712","title":"CVE-2026-14647: A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opse","summary":"A weakness was found in ONNX (a software format for AI models) versions up to 1.21.x that allows an out-of-bounds read (accessing memory outside the intended area). The vulnerability is in a function called convPoolShapeInference_opset19 and can be attacked remotely by someone with login access, though the attack code is now public.","solution":"Apply patch a7bf3a0f1d18bb62575236ef6e4944980c40e045, available at https://github.com/onnx/onnx/commit/a7bf3a0f1d18bb62575236ef6e4944980c40e045.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-14647","publishedAt":"2026-07-04T19:16:53.640Z","cveId":"CVE-2026-14647","cweIds":["CWE-119","CWE-125"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ONNX","ONNX Runtime"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-04T19:16:53.640Z","capecIds":["CAPEC-100","CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}