CVE-2026-34446

Source
https://cve.org/CVERecord?id=CVE-2026-34446
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34446.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-34446
Aliases
Downstream
Related
Published
2026-04-01T17:37:54.737Z
Modified
2026-07-08T08:12:51.217320479Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Details

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34446.json",
    "cwe_ids": [
        "CWE-22",
        "CWE-61"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/onnx/onnx

Affected ranges

Type
GIT
Repo
https://github.com/onnx/onnx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.21.0"
        }
    ]
}

Affected versions

v0.*
v0.1
v0.2
v1.*
v1.1.0
v1.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-34446.json"