CVE-2026-34447 — MEDIUM (CVSS 5.5) AI Security Vulnerability

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version...

Full CISO analysis pending enrichment.

Severity & Risk

CVSS 3.1

5.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.

Weaknesses (CWE)

CWE-22 Primary CWE-61 Primary

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj

Timeline

Published

April 1, 2026

Last Modified

April 1, 2026

First Seen

April 1, 2026