CVE-2026-28500: ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

March 16, 2026 (updated March 19, 2026)

A security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts.

References

github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md
github.com/advisories/GHSA-hqmj-h5c6-369m
github.com/onnx/onnx
github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m
nvd.nist.gov/vuln/detail/CVE-2026-28500

Code Behaviors & Features

Detect and mitigate CVE-2026-28500 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →