CVE-2026-34447

MEDIUM NVD

CVSS Score 5.5

Severity MEDIUM

Published Apr 01, 2026

Vendor unknown

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.

References

https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj