6 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
CVE-2026-28500 vulnerabilities
Vulnerabilities for packages: py3-onnx...
CVE-2026-28500 vulnerabilities
Vulnerabilities for packages: nemo, py3-onnx...
a2 (>=0.10.7 <=0.10.13), aad2onnx (=0.1.4) +1431 more potentially affected by CVE-2026-28500 via onnx (>=0.2.0 <=1.21.0)
onnx PYPI version =0.2.0, =0.10.7, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.4, =0.1.0, =0.0.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-28500 Source advisory: OSV:PYSEC-2026-103...
CVE-2026-28500
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...
a2 (>=0.10.7 <=0.10.13), aad2onnx (=0.1.4) +1431 more potentially affected by CVE-2026-28500 via onnx (>=0.2.0 <=1.21.0)
onnx PYPI version =0.2.0, =0.10.7, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.4, =0.1.0, =0.0.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-28500 Source advisory: OSV:GHSA-HQMJ-H5C6-369M...