CVE-2026-34445

High

Published: 01 April 2026

Published

01 April 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS Score 0.0021 42.9th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34445 is a high-severity Improper Input Validation (CWE-20) vulnerability in Linuxfoundation Onnx. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 42.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Machine Learning Libraries.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the improper input validation in ExternalDataInfo by requiring validation of metadata keys from ONNX model files before applying setattr().

SI-2 Flaw Remediation good match

prevent

Ensures timely patching and upgrade to ONNX version 1.21.0 to remediate the specific flaw allowing object property overwrites.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Vulnerability scanning identifies systems using vulnerable ONNX versions prior to 1.21.0 for remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The vulnerability allows remote exploitation via a malicious ONNX model file processed by client applications using the ONNX library, enabling client-side code execution (T1203) and application denial of service through resource exhaustion (T1499.004), as indicated by high availability impact and CWE-400.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX…

model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

Deeper analysisAI

CVE-2026-34445 is a vulnerability in the Open Neural Network Exchange (ONNX) library, an open standard for machine learning model interoperability, affecting versions prior to 1.21.0. The issue lies in the ExternalDataInfo class, which uses Python's setattr() function to load metadata—such as file paths or data lengths—directly from an ONNX model file without validating the keys present in the file. This lack of validation enables an attacker to craft a malicious ONNX model that overwrites internal object properties of the class.

The vulnerability can be exploited remotely by an unauthenticated attacker with no privileges required and no user interaction needed, as indicated by its CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). Exploitation occurs when a victim system loads or processes the malicious ONNX model file, potentially leading to low confidentiality impact, low integrity impact, and high availability impact. The associated weakness identifiers are CWE-20 (Improper Input Validation), CWE-400 (Uncontrolled Resource Consumption), and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes).

Mitigation is available through an upgrade to ONNX version 1.21.0, where the issue has been patched. Official resources detail the fix, including the patch commit at https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b, the corresponding pull request at https://github.com/onnx/onnx/pull/7751, and the GitHub security advisory at https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9.

Details

CWE(s): CWE-20 CWE-400 CWE-915

Affected Products

linuxfoundation

onnx

≤ 1.21.0

AI Security AnalysisAI

AI Category: Machine Learning Libraries
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: neural network, machine learning

CVEs Like This One

CVE-2026-27489Same product: Linuxfoundation Onnx

CVE-2026-28500Same product: Linuxfoundation Onnx

CVE-2025-51480Same product: Linuxfoundation Onnx

CVE-2026-33218Same vendor: Linuxfoundation

CVE-2025-68134Same vendor: Linuxfoundation

CVE-2026-37532Same vendor: Linuxfoundation

CVE-2024-24419Same vendor: Linuxfoundation

CVE-2025-68136Same vendor: Linuxfoundation

CVE-2025-68141Same vendor: Linuxfoundation

CVE-2024-24418Same vendor: Linuxfoundation

References

https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b
Patch · security-advisories@github.com
https://github.com/onnx/onnx/pull/7751
Issue Tracking, Patch · security-advisories@github.com
https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
Patch, Vendor Advisory · security-advisories@github.com