CVE-2026-27489
Published: 01 April 2026
Summary
CVE-2026-27489 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Linuxfoundation Onnx. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 40.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Machine Learning Libraries; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-27489 is a path traversal vulnerability affecting the Open Neural Network Exchange (ONNX), an open standard for machine learning model interoperability. In versions prior to 1.21.0, the vulnerability enables symlink-based path traversal, allowing attackers to read arbitrary files outside the intended model or user-provided directories. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-23 (Path Traversal) and CWE-61 (Symlink Race Condition).
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. By crafting a malicious ONNX model containing symlinks, an attacker can traverse directory boundaries during model loading or processing, achieving high-impact unauthorized disclosure of sensitive files on the target system.
The vulnerability has been patched in ONNX version 1.21.0. The ONNX GitHub security advisory (GHSA-3r9x-f23j-gc73) and patching commit (4755f8053928dce18a61db8fec71b69c74f786cb) provide further details on the fix, recommending immediate upgrades for affected deployments.
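One way a loader can refuse the symlink escape described above, shown here as an added illustration rather than ONNX's own fix: resolve the external-data location against the model directory, follow symlinks, and require the real path to remain inside. It assumes, as with ONNX external tensor data, that locations are relative strings joined onto a base directory; the file names and the `demo` scenario are constructed.

```python
import os
import tempfile
from pathlib import Path


def resolve_external_data(base_dir: str, location: str) -> str:
    """Return the resolved path for an external-data `location` only if
    it stays inside `base_dir` after every symlink has been followed.

    Raises ValueError for absolute locations, `..` escapes, and symlinks
    (on any path component) that point outside the model directory.
    """
    if os.path.isabs(location):
        raise ValueError(f"absolute external-data location rejected: {location!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.join(base, location)
    # realpath follows the whole symlink chain, so a link that escapes the
    # model directory is caught even when the lexical path looks clean.
    resolved = os.path.realpath(candidate)
    # commonpath (not str.startswith) avoids the "/models/a" vs "/models/ab"
    # prefix mistake when checking containment.
    if os.path.commonpath([base, resolved]) != base:
        raise ValueError(f"external-data location escapes model directory: {location!r}")
    return resolved


def demo() -> dict:
    """Constructed scenario (assumption, not from the advisory): one real
    weights file, one symlink to a file outside the model directory, and
    one `..` traversal. Returns which locations were allowed or rejected."""
    with tempfile.TemporaryDirectory() as root:
        outside = Path(root, "secret.txt")
        outside.write_text("not for the model")
        model_dir = Path(root, "model")
        model_dir.mkdir()
        Path(model_dir, "weights.bin").write_bytes(b"\x00" * 16)
        os.symlink(outside, model_dir / "weights_link.bin")
        results = {}
        for loc in ("weights.bin", "weights_link.bin", "../secret.txt"):
            try:
                resolve_external_data(str(model_dir), loc)
                results[loc] = "allowed"
            except ValueError:
                results[loc] = "rejected"
        return results
```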
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17969
Vulnerability details
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows an attacker to read arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0.
AI Security Analysis
- AI Category: Machine Learning Libraries
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: machine learning, neural network, onnx
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in ONNX model loading enables remote unauthenticated exploitation of public-facing applications processing untrusted models (T1190) to achieve arbitrary local file read (T1005).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates the path traversal vulnerability by requiring timely patching to ONNX version 1.21.0 or later.
- SI-10 (Information Input Validation): Validates ONNX model inputs, including file paths and symlinks, to prevent traversal outside intended directories.
- Least privilege: Enforces least privilege on processes loading ONNX models, limiting access to sensitive files even if traversal occurs.