Cyber Posture

CVE-2026-27489

High · Public PoC

Published: 01 April 2026

Modified: 07 April 2026
KEV Added: not listed
Patch: ONNX 1.21.0
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0007 (22.2nd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-27489 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Linuxfoundation Onnx. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 22.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Machine Learning Libraries.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: SI-2 (Flaw Remediation). Directly mitigates the path traversal vulnerability by requiring timely patching to ONNX version 1.21.0 or later.

prevent: SI-10 (Information Input Validation). Validates ONNX model inputs, including file paths and symlinks, to prevent traversal outside intended directories.

prevent: least privilege. Enforces least privilege on processes loading ONNX models, limiting access to sensitive files even if traversal occurs.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in ONNX model loading enables remote unauthenticated exploitation of public-facing applications processing untrusted models (T1190) to achieve arbitrary local file read (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows reading of arbitrary files outside the model or user-provided directory. This issue has been patched in version 1.21.0.

Deeper analysis (AI-generated)

CVE-2026-27489 is a path traversal vulnerability affecting the Open Neural Network Exchange (ONNX), an open standard for machine learning model interoperability. In versions prior to 1.21.0, the vulnerability enables symlink-based path traversal, allowing attackers to read arbitrary files outside the intended model or user-provided directories. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-23 (Relative Path Traversal) and CWE-61 (Symlink Race Condition).

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. By crafting a malicious ONNX model containing symlinks, an attacker can traverse directory boundaries during model loading or processing, achieving high-impact unauthorized disclosure of sensitive files on the target system.

The vulnerability has been patched in ONNX version 1.21.0. The ONNX GitHub security advisory (GHSA-3r9x-f23j-gc73) and patching commit (4755f8053928dce18a61db8fec71b69c74f786cb) provide further details on the fix, recommending immediate upgrades for affected deployments.
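The SI-10 control above comes down to one check: a file reference carried by a model must still be inside the model directory after every symlink has been resolved, not just lexically. The following is an added example written for this page, not ONNX's own patch and not code from the advisory; `resolve_within` and `safe_to_load` are hypothetical names, and the temporary directory, the "weights" files and the escaping symlink are constructed test data. It rejects absolute paths and `..` segments before touching the filesystem, then compares real paths so a symlink planted inside the directory cannot point elsewhere.

```python
import os
import tempfile
from pathlib import Path


class UnsafeModelPath(ValueError):
    """Raised when a model-referenced file would resolve outside the model directory."""


def resolve_within(base_dir: str, location: str) -> Path:
    """Return the real path of `location` only if it stays inside `base_dir`.

    `location` is the kind of relative file reference a model file can carry
    (for ONNX, the external-data location of a tensor). Checks, in order:
      1. reject absolute paths and any '..' component before touching the filesystem;
      2. resolve symlinks on both the base and the candidate (os.path.realpath);
      3. require the resolved candidate to sit under the resolved base (commonpath).
    Step 2 is what defeats a symlink inside the model directory that points at a
    file outside it: the lexical path looks fine, the real path does not.
    """
    if os.path.isabs(location):
        raise UnsafeModelPath(f"absolute path not allowed: {location!r}")
    if ".." in Path(location).parts:
        raise UnsafeModelPath(f"parent-directory segment not allowed: {location!r}")
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, location))
    if os.path.commonpath([real_base, candidate]) != real_base:
        raise UnsafeModelPath(f"{location!r} resolves to {candidate!r}, outside {real_base!r}")
    return Path(candidate)


def safe_to_load(base_dir: str, locations) -> dict:
    """Classify each referenced location as 'ok' or 'rejected' without reading any file."""
    verdicts = {}
    for loc in locations:
        try:
            resolve_within(base_dir, loc)
            verdicts[loc] = "ok"
        except UnsafeModelPath:
            verdicts[loc] = "rejected"
    return verdicts


def demo() -> dict:
    """Constructed scenario: one honest weights file, one symlink escaping the model dir."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "secret.txt"   # stands in for a file the loader must never reach
        outside.write_text("not for the model\n")
        model_dir = Path(tmp) / "model"
        model_dir.mkdir()
        (model_dir / "weights.bin").write_bytes(b"\x00" * 16)
        # The symlink lives inside model_dir but its target does not.
        os.symlink(outside, model_dir / "weights_link.bin")
        return safe_to_load(
            str(model_dir),
            ["weights.bin", "weights_link.bin", "../secret.txt", "/etc/hostname"],
        )


if __name__ == "__main__":
    for location, verdict in demo().items():
        print(f"{verdict:8} {location}")
```

Only `weights.bin` is accepted; the symlink, the `..` reference and the absolute path are all rejected before any read happens. Resolving `base_dir` with `realpath` as well matters on hosts where the model directory itself sits behind a symlink (for example a temp directory), otherwise the `commonpath` comparison would fail for honest files.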

Details

CWE(s): CWE-23 (Relative Path Traversal), CWE-61

Affected Products

linuxfoundation / onnx: ≤ 1.21.0

AI Security Analysis (AI-generated)

AI Category: Machine Learning Libraries
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: neural network, machine learning

CVEs Like This One

CVE-2026-34445 (same product: Linuxfoundation Onnx)
CVE-2026-28500 (same product: Linuxfoundation Onnx)
CVE-2025-51480 (same product: Linuxfoundation Onnx)
CVE-2026-35167 (same vendor: Linuxfoundation)
CVE-2025-59352 (same vendor: Linuxfoundation)
CVE-2026-33701 (same vendor: Linuxfoundation)
CVE-2025-68137 (same vendor: Linuxfoundation)
CVE-2026-24124 (same vendor: Linuxfoundation)
CVE-2026-35171 (same vendor: Linuxfoundation)
CVE-2026-27889 (same vendor: Linuxfoundation)