CVE-2026-34445 - Vulnerability Details

- ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

Published: 2026-04-01

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from the ExternalDataInfo class in ONNX which, before version 1.21.0, used Python’s setattr() to load metadata from a model file without validating the keys. An attacker can craft a model that overwrites internal object properties, leading to a crash of the runtime or application that loads the model. The weakness maps to input validation failures and resource exhaustion.

Affected Systems

The flaw affects the ONNX library and runtimes that load ONNX model files, specifically any version older than 1.21.0. Systems using ONNX for inference or model serving should verify the ONNX runtime version and refrain from loading untrusted models until patched.

Risk and Exploitability

The CVSS base score of 8.6 indicates a high severity vulnerability. With no EPSS data and absence in the KEV catalog, the likelihood of widespread exploitation remains uncertain, yet the impact would be a denial of service. The likely attack vector is remote, where an adversary supplies a malicious model through an interface that accepts ONNX files. Exploitation requires only the ability to feed a crafted model to the vulnerable process.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

onnx

affected

Version	Status	Constraints
`< 1.21.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Onnx

100%

Version	Status	Scheme	Platform
`[0,1.21.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade ONNX to version 1.21.0 or later.

Generated by OpenCVE AI on April 2, 2026 at 02:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-538c-55jv-c5g9	ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00207.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b
https://github.com/onnx/onnx/pull/7751
https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
https://nvd.nist.gov/vuln/detail/CVE-2026-34445
https://www.cve.org/CVERecord?id=CVE-2026-34445

History

Wed, 15 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linuxfoundation Linuxfoundation onnx
CPEs		cpe:2.3:a:linuxfoundation:onnx::::::::
Vendors & Products		Linuxfoundation Linuxfoundation onnx

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Onnx Onnx onnx
Vendors & Products		Onnx Onnx onnx

Thu, 02 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-34445 https://www.cve.org/CVERecord?id=CVE-2026-34445
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.
Title		ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Weaknesses		CWE-20 CWE-400 CWE-915
References		https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b https://github.com/onnx/onnx/pull/7751 https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Linuxfoundation Onnx

Onnx Onnx

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-01T17:30:19.994Z

Updated: 2026-04-01T18:00:14.120Z

Reserved: 2026-03-27T18:18:14.894Z

Link: CVE-2026-34445

Vulnrichment

Updated: 2026-04-01T17:59:33.771Z

NVD

Status : Analyzed

Published: 2026-04-01T18:16:30.500

Modified: 2026-04-15T15:08:13.003

Link: CVE-2026-34445

Redhat

Severity : Moderate

Publid Date: 2026-04-01T17:30:19Z

Links: CVE-2026-34445 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-02T20:17:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object