CVE-2026-34446
MEDIUMONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Title source: cnaDescription
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
References (2)
Core 2
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp
X_Refsource_Misc x_refsource_misc
https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb
Scores
CVSS v3
4.7
EPSS
0.0018
EPSS Percentile
7.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-61
Status
published
Products (3)
linuxfoundation/onnx
< 1.21.0
onnx/onnx
< 1.21.0
pypi/onnx
0 - 1.21.0PyPI
Published
Apr 01, 2026
Tracked Since
Apr 01, 2026