Platform
python
Component
onnx
Fixed in
1.21.1
1.21.0
CVE-2026-27489 represents a path traversal vulnerability discovered within the ONNX (Open Neural Network Exchange) library. This flaw, stemming from an ineffective symlink check, enables an attacker to read arbitrary files outside of designated model or user-provided directories. The vulnerability affects versions of ONNX up to and including 1.9.0, and a patch is available in version 1.21.0.
CVE-2026-27489 in ONNX introduces a path traversal vulnerability via symlinks. This allows an attacker to potentially read arbitrary files outside the model or user-provided directory. The current symlink check is ineffective, allowing a symlink to point to an arbitrary location on the filesystem. This flaw resides in the ONNX checker.cc code, specifically in how symlinks are handled when validating files. The use of std::filesystem::isregularfile without proper validation allows symlinks to be followed, exposing sensitive files.
An attacker could exploit this vulnerability by providing a malicious ONNX model containing a symlink pointing to a sensitive file on the filesystem. If the ONNX application doesn't properly validate this symlink, it could follow it and read the contents of the pointed-to file. This could allow the attacker to access confidential information, such as passwords, API keys, or user data. The likelihood of exploitation depends on the system configuration and the presence of sensitive files accessible through manipulable file paths.
Exploit Status
EPSS
0.07% (21% percentile)
CISA SSVC
The recommended mitigation is to upgrade to ONNX version 1.21.0 or later. This version corrects the vulnerability by implementing a more robust symlink validation. In the interim, as a temporary measure, restrict access to directories where ONNX models are stored and carefully audit any user-provided input that might involve file paths. It's crucial to review the application code using ONNX to identify and mitigate any potential exposure to this vulnerability. Upgrading to the latest version is the most effective and secure solution.
Actualice la biblioteca ONNX a la versión 1.21.0 o superior. Esto corrige la vulnerabilidad de path traversal que permite la lectura de archivos arbitrarios fuera del directorio del modelo o proporcionado por el usuario.
Vulnerability analysis and critical alerts directly to your inbox.
A symbolic link (symlink) is a type of file that points to another file or directory. It's like a shortcut, but at the filesystem level.
Version 1.21.0 of ONNX fixes the path traversal vulnerability, preventing unauthorized access to files.
As a temporary measure, restrict access to ONNX model directories and audit user-provided file path inputs.
Review your application code to identify any ONNX usage that might involve file path validation.
Currently, there are no specific tools to detect this vulnerability, but penetration testing and code analysis are recommended.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.