CVE-2026-28500: ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

March 16, 2026 (updated April 6, 2026)

Any pipeline using hub.load() with silent=True and an external repo string is silently loading whatever the repo owner ships. If that model executes arbitrary code on load, the attacker has access to the machine.

References

github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-28500.md
github.com/advisories/GHSA-hqmj-h5c6-369m
github.com/onnx/onnx
github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m
nvd.nist.gov/vuln/detail/CVE-2026-28500

Code Behaviors & Features

Detect and mitigate CVE-2026-28500 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →