Platform
python
Component
onnx
Fixed in
1.21.1
1.21.0
CVE-2026-34445 describes a denial-of-service (DoS) vulnerability within the ONNX Runtime library, specifically impacting versions up to 1.9.0. This flaw arises from the insecure handling of metadata within ONNX model files, allowing attackers to craft malicious models that can crash the system. The vulnerability has been publicly disclosed and a fix is available in version 1.21.0.
The core of the vulnerability lies in the ExternalDataInfo class's use of Python's setattr() function. This function is used to load metadata from ONNX model files, but critically, it lacks validation of the metadata keys. An attacker can exploit this by crafting a malicious ONNX model containing crafted metadata. Specifically, they can set the 'length' property to an extremely large value (e.g., 9 petabytes). When the ONNX Runtime attempts to load the model, it tries to allocate this massive amount of memory, resulting in a crash and a denial-of-service condition. This effectively renders the affected system unavailable, potentially impacting critical applications relying on ONNX Runtime for machine learning inference.
CVE-2026-34445 was published on 2026-04-01. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is not widely available, but the vulnerability's nature makes it relatively straightforward to exploit once a malicious model is crafted.
Exploit Status
EPSS
0.06% (18% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-34445 is to upgrade to ONNX Runtime version 1.21.0 or later, which includes the necessary fix. If an immediate upgrade is not feasible due to compatibility constraints or breaking changes, consider implementing temporary workarounds. While a direct WAF rule is unlikely to be effective due to the nature of the vulnerability within the model file itself, input validation on the ONNX model files before loading them into the runtime can provide a layer of defense. Carefully scrutinize the source of ONNX models before using them. After upgrading, confirm the fix by attempting to load a known malicious ONNX model (if available) and verifying that it no longer triggers a crash.
Update the ONNX library to version 1.21.0 or higher. This corrects the vulnerability that allows malicious ONNX models to overwrite internal object properties and potentially cause a denial of service.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34445 is a denial-of-service vulnerability in ONNX Runtime versions up to 1.9.0. Malicious ONNX models can cause the system to crash.
If you are using ONNX Runtime versions 1.9.0 or earlier, you are potentially affected by this vulnerability.
Upgrade to ONNX Runtime version 1.21.0 or later to resolve the vulnerability. Consider input validation as a temporary workaround.
There is currently no public information indicating active exploitation of CVE-2026-34445.
Refer to the official ONNX Runtime release notes and security advisories on the Microsoft Security Response Center (MSRC) website for details.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.