CVE-2026-34445
Published: 01 April 2026
Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.
Mitigating Controls (NIST 800-53 r5) [AI]
Directly addresses the improper input validation in ExternalDataInfo by requiring validation of metadata keys from ONNX model files before applying setattr().
Ensures timely patching and upgrade to ONNX version 1.21.0 to remediate the specific flaw allowing object property overwrites.
Vulnerability scanning identifies systems using vulnerable ONNX versions prior to 1.21.0 for remediation.
Security Summary [AI]
CVE-2026-34445 is a vulnerability in the Open Neural Network Exchange (ONNX) library, an open standard for machine learning model interoperability, affecting versions prior to 1.21.0. The issue lies in the ExternalDataInfo class, which uses Python's setattr() function to load metadata—such as file paths or data lengths—directly from an ONNX model file without validating the keys present in the file. This lack of validation enables an attacker to craft a malicious ONNX model that overwrites internal object properties of the class.
The vulnerability can be exploited remotely by an unauthenticated attacker with no privileges required and no user interaction needed, as indicated by its CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Exploitation occurs when a victim system loads or processes the malicious ONNX model file, potentially leading to low confidentiality impact, low integrity impact, and high availability impact. The associated weakness identifiers are CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption), and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes).
Mitigation is available through an upgrade to ONNX version 1.21.0, where the issue has been patched. Official resources detail the fix, including the patch commit at https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b, the corresponding pull request at https://github.com/onnx/onnx/pull/7751, and the GitHub security advisory at https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9.
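The pattern described above, as an added example that is not ONNX's code or its patch: a stand-in class applies file-supplied keys with setattr(), beside a variant that allowlists keys and validates numeric fields. The class names, the key set and the `base_dir` field are assumptions made for illustration.

```python
"""Stand-in for the CWE-915 pattern; illustrative only, not ONNX source."""

ALLOWED_KEYS = {"location", "offset", "length", "checksum"}  # assumed key set
INT_KEYS = {"offset", "length"}


class UnsafeInfo:
    """Unvalidated pattern: every key from the file becomes an attribute."""

    def __init__(self, entries):
        self.location = ""
        self.offset = None
        self.length = None
        self.checksum = None
        self.base_dir = "/srv/models"  # hypothetical internal field
        for key, value in entries:
            setattr(self, key, value)  # key is never checked


class SafeInfo(UnsafeInfo):
    """Hardened pattern: allowlist the keys, validate numeric values."""

    def __init__(self, entries):
        super().__init__([])  # set defaults only
        for key, value in entries:
            if key not in ALLOWED_KEYS:
                raise ValueError(f"unexpected external-data key: {key!r}")
            if key in INT_KEYS:
                if not (value.isascii() and value.isdigit()):
                    raise ValueError(f"{key} must be a non-negative integer")
                value = int(value)
            setattr(self, key, value)


def try_load(cls, entries):
    """Return the loaded object, or the ValueError raised while loading."""
    try:
        return cls(entries)
    except ValueError as exc:
        return exc


# Constructed sample metadata: key/value string pairs as read from a model file.
BENIGN = [("location", "weights.bin"), ("offset", "0"), ("length", "4096")]
UNEXPECTED_KEY = [("location", "weights.bin"), ("base_dir", "/tmp")]
BAD_LENGTH = [("location", "weights.bin"), ("length", "-1")]
```
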
AI Security Analysis [AI]
- AI Category: Machine Learning Libraries
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: neural network, machine learning
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability allows remote exploitation via a malicious ONNX model file processed by client applications using the ONNX library, enabling client-side code execution (T1203) and application denial of service through resource exhaustion (T1499.004), as indicated by high availability impact and CWE-400.