CVE-2026-34447: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,
Summary
ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) versions before 1.21.0 have a symlink traversal vulnerability (a flaw where attackers can follow symbolic links to access files outside the intended model directory), allowing unauthorized reading of files outside the model directory. This vulnerability affects how ONNX loads external data when processing models.
Solution / Mitigation
This issue has been patched in version 1.21.0. Users should upgrade to ONNX version 1.21.0 or later.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
local
low
none
required
April 1, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-34447
First tracked: April 1, 2026 at 08:08 PM
Classified by LLM (prompt v3) · confidence: 85%