ONNX: Malicious ONNX models can crash servers by exploiting unprotected...

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

Basic Information

ID CVE-2026-34445

Source GitHub_M

Published Apr 1, 2026 at 17:30

Modified Apr 1, 2026 at 18:00

Affected Product

Vendor onnx

Product onnx

Version < 1.21.0

Affected Versions onnx onnx < 1.21.0

CWE Classification

CWE-20 CWE-400 CWE-915

References

{
    "lastseen": "",
    "description": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python\u2019s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn\u2019t check if the \"keys\" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.",
    "published": "2026-04-01T17:30:19.994Z",
    "modified": "2026-04-01T18:00:14.120Z",
    "type": "cve",
    "title": "ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.",
    "source": "GitHub_M",
    "references": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9\nhttps://github.com/onnx/onnx/pull/7751\nhttps://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b",
    "id": "CVE-2026-34445",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20",
        "CWE-400",
        "CWE-915"
    ],
    "cvelist": null,
    "sourceData": "onnx onnx < 1.21.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "onnx",
    "version": "< 1.21.0",
    "vendor": "onnx",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings._CVE-2026-34445