VYPR
High severity8.6NVD Advisory· Published Apr 1, 2026· Updated Apr 15, 2026

CVE-2026-34445

CVE-2026-34445

Description

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
onnxPyPI
< 1.21.01.21.0

Affected products

10

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.