CVE-2026-11329: A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key
lowvulnerability
security
Summary
A vulnerability exists in ONNX MLIR (a tool that converts machine learning models to code) versions up to 0.5.0.0 where the generate_hash_key function uses a weak hash (a simple algorithm for converting data into a fixed-length code that is easy to reverse or predict). The vulnerability requires local access to exploit and is difficult to execute in practice.
Solution / Mitigation
Apply patch 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4 to resolve this issue.
Vulnerability Details
CVSS Score
3.6(low)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
local
Attack Complexity
high
Privileges Required
low
User Interaction
none
Disclosure Date
June 5, 2026
Classification
Attack Type
Other
Attack SophisticationAdvanced
Impact (CIA+S)
integrity
AI Component TargetedFramework
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-11329
First tracked: June 5, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 75%