CVSS 8.6 | CVE-2026-34445 | CVE-2026-34447 | GHSA-q56x-g2fj-4rj6

Multiple Vulnerabilities in ONNX Model Processing (2026)

Multiple vulnerabilities affect ONNX, potentially leading to DoS, arbitrary file read/write, and object corruption. Upgrade to version 1.21.0 to mitigate these risks.

Published on

Multiple vulnerabilities have been discovered in ONNX, a popular open-source machine learning model format. These vulnerabilities could allow attackers to cause denial-of-service (DoS), arbitrary file read/write, and object corruption. Users of ONNX are advised to upgrade to version 1.21.0 to mitigate these risks.

These vulnerabilities range from medium to high severity, potentially causing significant impact.

What is ONNX?

ONNX is a Python package that serves as an open standard for representing machine learning models. It enables interoperability between frameworks, so models can be transferred and deployed across platforms. Because model files are parsed by the package, vulnerabilities in ONNX can expose any system that loads or saves models to risk. Learn more and search all ONNX CVEs.

CVE-2026-34445: ONNX ExternalDataInfo Object Corruption and DoS

CVSS: 8.6
Affected versions: This vulnerability affects ONNX versions 1.9.0 and earlier.

High severity: can disrupt service or corrupt objects.

EPSS score of 0.04 indicates a low probability of exploitation.

The ExternalDataInfo class in ONNX uses Python's `setattr()` to load metadata from ONNX model files without proper validation. A malicious ONNX model can exploit this by overwriting internal object properties, leading to denial-of-service or object corruption.

How to fix CVE-2026-34445 in Onnx

Patch immediately
  1. Upgrade the onnx package to version 1.21.0 or later:
     pip install --upgrade onnx

Workaround: There is no known workaround besides upgrading.

NextGuard automatically flags CVE-2026-34445 if Onnx appears in any of your monitored projects — no manual lookup required.

CVE-2026-34447: ONNX External Data Symlink Traversal

CVSS: 5.5
Affected versions: This vulnerability affects ONNX versions 1.9.0 and earlier.

Medium severity: allows unauthorized file access.

EPSS score of 0.012 indicates a very low probability of exploitation.

A symlink traversal vulnerability exists in ONNX's external data loading mechanism. By crafting a malicious ONNX model with a symlink in the external data path, an attacker can read arbitrary files outside the intended model directory.
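As an added example (not ONNX's own code and not part of this advisory), a Python loader that applies the two checks the findings above call for: it accepts only allowlisted external_data keys with typed values instead of setting whatever attribute the model names, and it confines the external data location to the model directory, rejecting symlinks before they are followed. The key set (location, offset, length, checksum, basedir), the SimpleNamespace stand-in for ExternalDataInfo and the constructed demo directory layout are assumptions.

```python
import os
import tempfile
from pathlib import Path
from types import SimpleNamespace

# Keys an ONNX external_data entry may carry; anything else is rejected
# instead of being applied to the object with setattr().
ALLOWED_KEYS = {"location", "offset", "length", "checksum", "basedir"}

def load_checked(entries):
    """Allowlisted keys only; offset/length parsed as non-negative integers."""
    info = SimpleNamespace(location=None, offset=None, length=None, checksum=None, basedir=None)
    for key, value in entries:
        if key not in ALLOWED_KEYS:
            raise ValueError(f"unexpected external_data key {key!r}")
        if key in ("offset", "length"):
            if not value.isdigit():
                raise ValueError(f"{key} must be a non-negative integer")
            value = int(value)
        setattr(info, key, value)
    return info

def resolve_external_path(base_dir, location):
    """Confine location to base_dir: no absolute path, no '..', no symlink on
    the way, and the resolved path must still sit inside base_dir."""
    base, rel = Path(base_dir).resolve(), Path(location)
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"location escapes model directory: {location!r}")
    for i in range(1, len(rel.parts) + 1):
        if base.joinpath(*rel.parts[:i]).is_symlink():
            raise ValueError(f"symlink in external data path: {location!r}")
    real = (base / rel).resolve()
    if base not in real.parents:
        raise ValueError(f"location resolves outside model directory: {location!r}")
    return real

def demo_symlink_rejection():
    """Constructed layout: weights.bin is a real file, link.bin is a symlink to a
    path outside the model directory (a dangling target suffices, since symlinks
    are rejected before being followed). Returns the verdict per location."""
    with tempfile.TemporaryDirectory() as model_dir:
        Path(model_dir, "weights.bin").write_bytes(b"\x00" * 16)
        os.symlink(Path(model_dir).parent / "outside.txt", Path(model_dir, "link.bin"))
        verdicts = {}
        for loc in ("weights.bin", "link.bin", "../outside.txt"):
            try:
                resolve_external_path(model_dir, loc)
                verdicts[loc] = "accepted"
            except ValueError:
                verdicts[loc] = "rejected"
        return verdicts
```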

How to fix CVE-2026-34447 in Onnx

Patch immediately
  1. Upgrade the onnx package to version 1.21.0 or later:
     pip install --upgrade onnx

Workaround: Avoid loading ONNX models from untrusted sources.

NextGuard automatically flags CVE-2026-34447 if Onnx appears in any of your monitored projects — no manual lookup required.

GHSA-q56x-g2fj-4rj6: ONNX TOCTOU Arbitrary File Read/Write

CVSS: 7.1
Affected versions: This vulnerability affects ONNX versions 1.9.0 and earlier.

High severity: can overwrite arbitrary files.

No EPSS score available.

The `save_external_data` method in ONNX has a time-of-check/time-of-use (TOCTOU) race that allows arbitrary file read/write: if an external data file is replaced with a symlink between the method's check and its write, the write follows the symlink and sensitive files can be overwritten.

How to fix GHSA-q56x-g2fj-4rj6 in Onnx

Patch immediately
  1. Upgrade the onnx package to version 1.21.0 or later:
     pip install --upgrade onnx

Workaround: Avoid saving ONNX models with external data to untrusted locations.

NextGuard automatically flags GHSA-q56x-g2fj-4rj6 if Onnx appears in any of your monitored projects — no manual lookup required.

Stay ahead of python vulnerabilities

Proactively detect and remediate vulnerabilities in your python projects. Use NextGuard to monitor your python dependencies and receive alerts on new threats.


Frequently asked questions

Multiple vulnerabilities in ONNX require immediate attention and patching. Upgrade to version 1.21.0 to mitigate the risks of DoS, arbitrary file access, and object corruption. See all Python vulnerabilities.

Related topics

Machine Learning, ONNX, Vulnerability, Python, Security