{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34447", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T18:18:14.894Z", "datePublished": "2026-04-01T17:39:38.129Z", "dateUpdated": "2026-04-01T19:14:38.114Z"}, "containers": {"cna": {"title": "ONNX: External Data Symlink Traversal", "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "lang": "en", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj"}], "affected": [{"vendor": "onnx", "product": "onnx", "versions": [{"version": "< 1.21.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:39:38.129Z"}, "descriptions": [{"lang": "en", "value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0."}], "source": {"advisory": "GHSA-p433-9wv8-28xj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T19:14:28.777731Z", "id": "CVE-2026-34447", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:14:38.114Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34447", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T19:14:28.777731Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T19:14:33.115Z"}}], "cna": {"title": "ONNX: External Data Symlink Traversal", "source": {"advisory": "GHSA-p433-9wv8-28xj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "onnx", "product": "onnx", "versions": [{"status": "affected", "version": "< 1.21.0"}]}], "references": [{"url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj", "name": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T17:39:38.129Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34447", "state": "PUBLISHED", "dateUpdated": "2026-04-01T19:14:38.114Z", "dateReserved": "2026-03-27T18:18:14.894Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T17:39:38.129Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*", "matchCriteriaId": "D94F43D7-D50D-4698-B07D-215EBBAB63F2", "versionEndExcluding": "1.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0."}], "id": "CVE-2026-34447", "lastModified": "2026-04-15T14:45:48.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-01T18:16:30.810", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-61"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.21.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "onnx", "source": "cna", "vendor": "onnx"}, "product": "onnx", "vendor": "onnx"}], "analysis": {"en": {"generated_at": "2026-04-02T03:44:46.002536+00:00", "value": {"mitigation_remediation": ["Upgrade ONNX to version\u202f1.21.0 or later.", "If upgrading is not possible, isolate the ONNX processing environment and ensure it runs with the minimal required file\u2011system permissions.", "As a temporary workaround, validate or sanitize the model path before loading to prevent traversing outside the intended directory.", "Review model sources to confirm they are trusted before processing."], "summary": {"action": "Patch", "impact": "Unauthorized file disclosure"}, "threat_synthesis": {"affected_systems": "The flaw exists in the ONNX library, the open\u2011source standard for machine\u2011learning model exchange. All releases prior to version\u202f1.21.0 are affected, as the issue is fixed in 1.21.0 and later. Organizations that embed ONNX (clients, servers, or tooling that processes .onnx files) and use an older release are susceptible. No particular commercial vendor is singled out, since ONNX is community\u2011maintained.", "description_and_impact": "A symlink traversal flaw in external data loading allows a user to read files located outside the model directory. The vulnerability can provide access to confidential data that the application has permission to read, potentially exposing sensitive information without requiring higher privileges. The weakness maps to common errors in handling filesystem paths (CWE\u201122, CWE\u201161).", "risk_and_exploitability": "The base CVSS score is 5.5, indicating a moderate risk. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitability depends on how the model is loaded; the attack would likely originate from a local user or a process that can supply model files, which aligns with a local or semi\u2011remote vector inferred from the description. Defenses include that the flaw does not enable arbitrary code execution\u2014only reads of constrained files\u2014yet an attacker could still gain access to sensitive system files if path traversal succeeds."}}}}, "created": "2026-04-02T07:48:05.734841+00:00", "updated": "2026-04-02T20:16:57.643697+00:00", "vendors": ["onnx", "onnx$PRODUCT$onnx"]}