CVE-2026-34445: ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

April 1, 2026

The ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. The problem? It didn’t check if the “keys” in the file were valid. Because it blindly trusted the file, an attacker could craft a malicious model that overwrites internal object properties.

References

github.com/advisories/GHSA-538c-55jv-c5g9
github.com/onnx/onnx
github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b
github.com/onnx/onnx/pull/7751
github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
nvd.nist.gov/vuln/detail/CVE-2026-34445

Code Behaviors & Features

Detect and mitigate CVE-2026-34445 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →