CVE-2024-5187: A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for a
Summary
A vulnerability in the ONNX framework (version 1.16.0) allows attackers to overwrite any file on a system by uploading a malicious tar file (an archive format) with specially crafted paths. Because the vulnerable function does not check whether member file paths are safe before extracting the tar file, attackers could potentially execute malicious code, delete important files, or compromise system security.
Vulnerability Details
Severity: 8.8 (high)
EPSS: 1.4%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-5187
First tracked: February 15, 2026 at 08:44 PM
Classified by LLM (prompt v3) · confidence: 92%