Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

INFO

Published Date :

2026-04-01T17:30:19.994Z

Last Modified :

2026-04-01T18:00:14.120Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34445 vulnerability.

Vendors Products
Linuxfoundation
  • Onnx
Onnx
  • Onnx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34445.

URL Resource
https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b cve-icon cve-icon cve-icon
https://github.com/onnx/onnx/pull/7751 cve-icon cve-icon cve-icon
https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-34445 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-34445 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact