Vulnerability Details CVE-2026-34447
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.3%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-34447
- cpe:2.3:a:linuxfoundation:onnx:-
- cpe:2.3:a:linuxfoundation:onnx:0.1
- cpe:2.3:a:linuxfoundation:onnx:0.2
- cpe:2.3:a:linuxfoundation:onnx:1.0
- cpe:2.3:a:linuxfoundation:onnx:1.0.1
- cpe:2.3:a:linuxfoundation:onnx:1.1.0
- cpe:2.3:a:linuxfoundation:onnx:1.1.2
- cpe:2.3:a:linuxfoundation:onnx:1.10.0
- cpe:2.3:a:linuxfoundation:onnx:1.10.1
- cpe:2.3:a:linuxfoundation:onnx:1.10.2
- cpe:2.3:a:linuxfoundation:onnx:1.11.0
- cpe:2.3:a:linuxfoundation:onnx:1.12.0
- cpe:2.3:a:linuxfoundation:onnx:1.13.0
- cpe:2.3:a:linuxfoundation:onnx:1.16.0
- cpe:2.3:a:linuxfoundation:onnx:1.16.1
- cpe:2.3:a:linuxfoundation:onnx:1.16.2
- cpe:2.3:a:linuxfoundation:onnx:1.17.0
- cpe:2.3:a:linuxfoundation:onnx:1.2.1
- cpe:2.3:a:linuxfoundation:onnx:1.2.2
- cpe:2.3:a:linuxfoundation:onnx:1.2.3
- cpe:2.3:a:linuxfoundation:onnx:1.3.0
- cpe:2.3:a:linuxfoundation:onnx:1.4.0
- cpe:2.3:a:linuxfoundation:onnx:1.4.1
- cpe:2.3:a:linuxfoundation:onnx:1.5.0
- cpe:2.3:a:linuxfoundation:onnx:1.6.0
- cpe:2.3:a:linuxfoundation:onnx:1.7.0
- cpe:2.3:a:linuxfoundation:onnx:1.8.0
- cpe:2.3:a:linuxfoundation:onnx:1.8.1
- cpe:2.3:a:linuxfoundation:onnx:1.9.0