Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
Published: 2026-04-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized file disclosure
Action: Patch
AI Analysis

Impact

A symlink traversal flaw in external data loading allows a user to read files located outside the model directory. The vulnerability can provide access to confidential data that the application has permission to read, potentially exposing sensitive information without requiring higher privileges. The weakness maps to common errors in handling filesystem paths (CWE‑22, CWE‑61).

Affected Systems

The flaw exists in the ONNX library, the open‑source standard for machine‑learning model exchange. All releases prior to version 1.21.0 are affected, as the issue is fixed in 1.21.0 and later. Organizations that embed ONNX (clients, servers, or tooling that processes .onnx files) and use an older release are susceptible. No particular commercial vendor is singled out, since ONNX is community‑maintained.

Risk and Exploitability

The base CVSS score is 5.5, indicating a moderate risk. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitability depends on how the model is loaded; the attack would likely originate from a local user or a process that can supply model files, which aligns with a local or semi‑remote vector inferred from the description. A mitigating factor is that the flaw does not enable arbitrary code execution, only file reads; even so, an attacker could still reach sensitive system files if the traversal succeeds.

Generated by OpenCVE AI on April 2, 2026 at 03:44 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade ONNX to version 1.21.0 or later.
  • If upgrading is not possible, isolate the ONNX processing environment and ensure it runs with the minimal required file‑system permissions.
  • As a temporary workaround, validate or sanitize the model path before loading to prevent traversing outside the intended directory.
  • Review model sources to confirm they are trusted before processing.
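As an added illustration of the path-validation workaround in the list above (this is not code from the onnx project or from OpenCVE): a loader-side check that resolves an external-data location against the model directory and rejects symlinks, '..' components and absolute paths that escape it. The external-data 'location' field, the helper names and the sample files are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path


class ExternalDataEscape(ValueError):
    """Raised when an external-data location resolves outside the model directory."""


def resolve_external_data(model_dir, location):
    """Map a tensor's external-data 'location' string to a real file path, refusing
    anything that leaves model_dir once symlinks and '..' are resolved.
    Hypothetical loader-side check, not the onnx library's own implementation."""
    base = Path(model_dir).resolve(strict=True)
    if Path(location).is_absolute():
        raise ExternalDataEscape(f"absolute location not allowed: {location!r}")
    candidate = (base / location).resolve()  # follows symlinks, collapses '..'
    # Containment is checked on the *resolved* path, so a symlink inside the
    # model directory that points elsewhere is caught, not just '..' segments.
    if candidate != base and base not in candidate.parents:
        raise ExternalDataEscape(f"{location!r} resolves to {candidate}, outside {base}")
    if not candidate.is_file():
        raise FileNotFoundError(candidate)
    return candidate


def demo():
    """Constructed scenario: a model directory with a benign weights file plus a
    symlink that points outside it; returns the verdict for each location kind."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "secret.txt"  # constructed file outside the model dir
        outside.write_text("not for the model loader")
        model_dir = Path(tmp) / "model"
        model_dir.mkdir()
        (model_dir / "weights.bin").write_bytes(b"\x00" * 16)
        os.symlink(outside, model_dir / "escape.bin")  # symlink leaving model_dir

        cases = {"benign": "weights.bin", "symlink": "escape.bin",
                 "dotdot": "../secret.txt", "absolute": str(outside)}
        verdicts = {}
        for kind, location in cases.items():
            try:
                resolve_external_data(model_dir, location)
                verdicts[kind] = "accepted"
            except ExternalDataEscape:
                verdicts[kind] = "rejected"
        return verdicts
```

Only the benign in-directory file is accepted; the symlink, the '..' location and the absolute path are all refused before any read takes place.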



Advisories
Source: GitHub GHSA
ID: GHSA-p433-9wv8-28xj
Title: ONNX: External Data Symlink Traversal
History

Wed, 15 Apr 2026 15:15:00 +0000

Type: First Time appeared
  Values Added: Linuxfoundation; Linuxfoundation onnx
Type: CPEs
  Values Added: cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Linuxfoundation; Linuxfoundation onnx

Thu, 02 Apr 2026 20:30:00 +0000

Type: First Time appeared
  Values Added: Onnx; Onnx onnx
Type: Vendors & Products
  Values Added: Onnx; Onnx onnx

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
  Values Added: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
Type: Title
  Values Added: ONNX: External Data Symlink Traversal
Type: Weaknesses
  Values Added: CWE-22; CWE-61
Type: References
  Values Added:
Type: Metrics
  Values Added:
    cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T19:14:38.114Z

Reserved: 2026-03-27T18:18:14.894Z

Link: CVE-2026-34447

Vulnrichment

Updated: 2026-04-01T19:14:33.115Z

NVD

Status : Analyzed

Published: 2026-04-01T18:16:30.810

Modified: 2026-04-15T14:45:48.833

Link: CVE-2026-34447

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:16:57Z

Weaknesses