
45 matches found

Tenable Nessus
added 2026/05/27 12:0 a.m., 13 views

Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

CVSS 8.8, AI score 7.5, EPSS 0.01178
Exploits 1, References 2
Ubuntu
added 2026/05/26 5:51 p.m., 15 views

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

CVSS 8.8, AI score 6, EPSS 0.01178
Exploits 1
IBM Security Bulletins
added 2026/05/21 3:0 p.m., 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to a symlink issue that allows the package to read arbitrary files outside the model or user-provided directory (CVE-2026-27489). ONNX is used in our speech runtimes. This vulnerability has been...

CVSS 8.7, AI score 5.8, EPSS 0.00522
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2026/05/01 12:1 p.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500.

Summary: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-28500. DESCRIPTION: Open Neural...

CVSS 9.1, AI score 5.7, EPSS 0.00256
Exploits 0, Affected Software 1
Veracode
added 2026/04/04 5:27 a.m., 4 views

Path Traversal

ONNX is vulnerable to Path Traversal. The vulnerability is due to improper handling of symlinks allowing directory traversal, which allows an attacker to access and read arbitrary files outside the intended directory...

CVSS 8.7, AI score 5.9, EPSS 0.00522
Exploits 1, References 2, Affected Software 1
Tenable Nessus
added 2026/04/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code...

CVSS 5.5, AI score 5.4, EPSS 0.00176
Exploits 0, References 3
Tenable Nessus
added 2026/04/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-27489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink...

CVSS 8.7, AI score 7.6, EPSS 0.00522
Exploits 1, References 3
vulnersOsv
added 2026/04/01 11:40 p.m., 2 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +371 more potentially affected by unknown CVE via onnx (>=0.2.0 <=1.20.1)

onnx PyPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-Q56X-G2FJ-4RJ6...

AI score 5.5
Exploits 0
vulnersOsv
added 2026/04/01 9:14 p.m., 1 view

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34447 via onnx (>=1.10.1 <=1.20.1)

onnx PyPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-34447. Source advisory: SNYK:PYTHON-ONNX-15873763...

CVSS 5.5, AI score 5.4, EPSS 0.00248
Exploits 1
vulnersOsv
added 2026/04/01 9:14 p.m., 4 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +371 more potentially affected by CVE-2026-34447 via onnx (>=0.2.0 <=1.20.1)

onnx PyPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-34447. Source advisory: OSV:GHSA-P433-9WV8-28XJ...

CVSS 5.5, AI score 5.4, EPSS 0.00248
Exploits 1
Snyk
added 2026/04/01 9:14 p.m., 3 views

UNIX Symbolic Link (Symlink) Following

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following in the resolveexternaldatalocation function. An attacker can access arbitrary files outside the intended directory by supplying a symlink within the model...

CVSS 6.7, AI score 6, EPSS 0.00248
Exploits 1, References 3
vulnersOsv
added 2026/04/01 9:13 p.m., 1 view

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34446 via onnx (>=1.10.1 <=1.20.1)

onnx PyPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-34446. Source advisory: SNYK:PYTHON-ONNX-15873848...

CVSS 5.5, AI score 5.4, EPSS 0.00176
Exploits 0
vulnersOsv
added 2026/04/01 9:13 p.m., 3 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +371 more potentially affected by CVE-2026-34446 via onnx (>=0.2.0 <=1.20.1)

onnx PyPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-34446. Source advisory: OSV:GHSA-CMW6-HCPP-C6JP...

CVSS 5.5, AI score 5.4, EPSS 0.00176
Exploits 0
vulnersOsv
added 2026/04/01 6:16 p.m., 5 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +371 more potentially affected by CVE-2026-34447 via onnx (>=0.2.0 <=1.20.1)

onnx PyPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-34447. Source advisory: OSV:PYSEC-2026-104...

CVSS 5.5, AI score 5.4, EPSS 0.00248
Exploits 1
CVE
added 2026/04/01 5:30 p.m., 24 views

CVE-2026-34445

CVE-2026-34445 affects ONNX prior to version 1.21.0, where ExternalDataInfo used Python setattr() to load metadata directly from model files without validating keys, enabling a malicious model to overwrite internal object properties. Impact is mainly availability (HIGH) with confidentiality and i...

CVSS 8.6, AI score 5.7, EPSS 0.00288
Exploits 0, References 3, Affected Software 1
vulnersOsv
added 2026/03/31 10:34 p.m., 2 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-27489 via onnx (>=1.10.1 <=1.20.1)

onnx PyPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-27489. Source advisory: SNYK:PYTHON-ONNX-15870164...

CVSS 8.7, AI score 7.6, EPSS 0.00522
Exploits 1
OSV
added 2026/03/31 10:34 p.m., 5 views

GHSA-3R9X-F23J-GC73 onnx Vulnerable to Path Traversal via Symlink

Summary: A path traversal vulnerability via symlink allows reading arbitrary files outside the model or user-provided directory. Details: The following symlink check is ineffective, and it is possible to point a symlink to an arbitrary location on the file system:...

CVSS 8.7, AI score 6, EPSS 0.00522
Exploits 1, References 4
vulnersOsv
added 2026/03/18 2:16 a.m., 7 views

a2 (>=0.10.7 <=0.10.13), aad2onnx (=0.1.4) +1431 more potentially affected by CVE-2026-28500 via onnx (>=0.2.0 <=1.21.0)

onnx PyPI version =0.2.0, =0.10.7, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.4, =0.1.0, =0.0.0, =0.1.0, =0.3.0 and more. Source CVEs: CVE-2026-28500. Source advisory: OSV:PYSEC-2026-103...

CVSS 9.1, AI score 7.6, EPSS 0.00256
Exploits 0
Tenable Nessus
added 2026/03/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass...

CVSS 9.1, AI score 7.5, EPSS 0.00256
Exploits 0, References 3
vulnersOsv
added 2026/03/16 4:23 p.m., 3 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +371 more potentially affected by CVE-2026-28500 via onnx (>=0.2.0 <=1.20.1)

onnx PyPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more. Source CVEs: CVE-2026-28500. Source advisory: SNYK:PYTHON-ONNX-15674461...

CVSS 9.1, AI score 7.6, EPSS 0.00256
Exploits 0