{"data":{"id":"37b2d237-1810-4fa3-bf69-1ba00974bde6","title":"CVE-2026-34446: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, ","summary":"ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) has a security flaw in versions before 1.21.0 where its file-loading function checks for symlinks (shortcuts to files) but misses hardlinks (alternate names pointing to the same file), allowing attackers to bypass path traversal protections (restrictions that prevent accessing files outside an intended folder).","solution":"Update ONNX to version 1.21.0 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-34446","publishedAt":"2026-04-01T18:16:30.660Z","cveId":"CVE-2026-34446","cweIds":["CWE-22","CWE-61"],"cvssScore":"4.7","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ONNX"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","attackVector":"local","attackComplexity":"high","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-01T18:16:30.660Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}