GHSA-h668-6x6g-f8r5: tract: Arbitrary file read via unsanitized ONNX external_data `location` (path traversal) on model load in tract-onnx
Summary
The tract-onnx library (a Rust crate for running neural network models) has a vulnerability where it loads external data files referenced in ONNX models without checking the file paths. A malicious model can use absolute paths (like `/etc/passwd`) or directory traversal sequences (like `../../../../etc/passwd`) in the `location` field to trick tract into reading arbitrary files on the system and exposing their contents in the model's output. This is a path-traversal vulnerability (a type of attack where an attacker manipulates file paths to access files outside the intended directory).
Solution / Mitigation
Reject absolute `location` values and any `..` components, then canonicalize (convert to a standard absolute path form) and verify the resolved path stays within the model directory, mirroring the fix applied in the `onnx` reference library version 1.22.0.
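The checks described above, sketched as an added example (not code from tract or from the `onnx` reference library). The names `resolve_external_data` and `constructed_layout` are hypothetical, and the directory layout is constructed for the demonstration:

```rust
use std::path::{Component, Path, PathBuf};
use std::{env, fs, io, process};

/// Resolve an ONNX external_data `location` inside `model_dir`, or refuse it.
/// Hypothetical helper for illustration; this is not tract's or onnx's API.
pub fn resolve_external_data(model_dir: &Path, location: &str) -> io::Result<PathBuf> {
    let denied = |why: &str| io::Error::new(io::ErrorKind::PermissionDenied, why.to_string());
    let rel = Path::new(location);
    // Lexical checks first, before the filesystem is touched.
    if location.is_empty() || rel.is_absolute() {
        return Err(denied("empty or absolute location"));
    }
    // Only plain names and `.` are allowed; `..`, a root or a Windows prefix is refused.
    if rel.components().any(|c| !matches!(c, Component::Normal(_) | Component::CurDir)) {
        return Err(denied("location contains `..` or a root component"));
    }
    // Canonicalize both sides so symlinks are resolved, then compare by component.
    let base = fs::canonicalize(model_dir)?;
    let resolved = fs::canonicalize(base.join(rel))?;
    if !resolved.starts_with(&base) {
        return Err(denied("resolved path leaves the model directory"));
    }
    Ok(resolved)
}

/// Build a constructed layout under the temp dir: model/weights.bin inside,
/// secret.txt outside, and (on Unix) model/link.bin pointing at secret.txt.
pub fn constructed_layout() -> io::Result<PathBuf> {
    let root = env::temp_dir().join(format!("extdata-demo-{}", process::id()));
    let _ = fs::remove_dir_all(&root);
    fs::create_dir_all(root.join("model"))?;
    fs::write(root.join("model/weights.bin"), b"\x00\x01")?;
    fs::write(root.join("secret.txt"), b"constructed secret")?;
    #[cfg(unix)]
    std::os::unix::fs::symlink(root.join("secret.txt"), root.join("model/link.bin"))?;
    Ok(root.join("model"))
}

fn main() -> io::Result<()> {
    let model_dir = constructed_layout()?;
    for loc in ["weights.bin", "/etc/passwd", "../secret.txt", "link.bin"] {
        match resolve_external_data(&model_dir, loc) {
            Ok(p) => println!("{loc:?} -> allowed: {}", p.display()),
            Err(e) => println!("{loc:?} -> refused: {e}"),
        }
    }
    Ok(())
}
```

The `link.bin` case passes the lexical checks and is caught only by the canonicalize-and-compare step, which is why both stages are needed.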
Vulnerability Details
EPSS: 0.0%
June 19, 2026
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/advisories/GHSA-h668-6x6g-f8r5
First tracked: June 19, 2026 at 02:00 PM