CVE-2026-34447 — Path Traversal in Onnx

CWE-22 — Path Traversal CWE-61 — UNIX Symbolic Link (Symlink) Following7 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 98.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Onnx Debian Onnx

Timeline

PublishedApr 1

Latest updateApr 2

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5onnx/onnx< 1.21.0

▶PyPIonnx/onnx< 1.21.0

▶debiandebian/onnx

🔴Vulnerability Details

OSV

CVE-2026-34447: (Open Neural Network Exchange (ONNX) is an open standard for machine le↗2026-04-02

▶

OSV

CVE-2026-34447: Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability↗2026-04-01

▶

OSV

ONNX: External Data Symlink Traversal↗2026-04-01

▶

GHSA

ONNX: External Data Symlink Traversal↗2026-04-01

▶

📋Vendor Advisories

Debian

CVE-2026-34447: onnx - Open Neural Network Exchange (ONNX) is an open standard for machine learning int...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-34447 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶