CVE-2026-34446
MEDIUM WAF: High
CVSS 5.5
Published: 2026-04-01
CWE-22
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| linuxfoundation | onnx | up to 1.21.0 |
References
- github.com (Patch)
- github.com (Vendor Advisory)