Skip to main content

Microsoft EUVDEUVD-2026-17987

| CVE-2026-34446 MEDIUM
Path Traversal (CWE-22)
2026-04-01 GitHub_M GHSA-cmw6-hcpp-c6jp
4.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
4.7 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch released
Apr 02, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Apr 01, 2026 - 18:15 euvd
EUVD-2026-17987
Analysis Generated
Apr 01, 2026 - 18:15 vuln.today
CVE Published
Apr 01, 2026 - 17:37 nvd
MEDIUM 4.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 17 pypi packages depend on onnx (9 direct, 8 indirect)

Ecosystem-wide dependent count for version 1.21.0.

DescriptionGitHub Advisory

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.

AnalysisAI

ONNX versions prior to 1.21.0 allow local attackers to read arbitrary files by exploiting a hardlink-based path traversal vulnerability in onnx.load(). The vulnerability bypasses existing symlink protections because hardlinks appear as regular files to filesystem checks. An attacker with local file system access can craft a malicious ONNX model file using hardlinks to access sensitive data outside the intended directory, requiring user interaction to load the crafted model. No public exploit code has been identified; EPSS score of 4.7 indicates low exploitation probability despite moderate CVSS impact.

Technical ContextAI

ONNX is a widely-adopted open standard for machine learning model serialization and interoperability, supported by major frameworks including Microsoft's ecosystem. The onnx.load() function contains a path traversal protection mechanism that explicitly checks for symbolic links (symlinks) before loading model files. However, this check fails to account for hardlinks, which are filesystem-level references that point directly to the inode of a file. Unlike symlinks (which are distinct filesystem objects), hardlinks are indistinguishable from regular files when inspected via standard filesystem APIs. The vulnerability (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) occurs because the protection logic examines the file's appearance rather than its actual destination. A hardlink to a sensitive system file (e.g., /etc/passwd or private keys) appears as a normal file to the path validation code, allowing traversal out of the intended restricted directory scope.

RemediationAI

Vendor-released patch: ONNX 1.21.0 and later. Upgrade ONNX to version 1.21.0 or newer immediately. The fix is available at the official ONNX GitHub repository (https://github.com/onnx/onnx). Users unable to upgrade immediately should restrict local filesystem access to ONNX model files and disable user model loading from untrusted sources. Review access controls on directories containing sensitive files that could be targeted via hardlinks. The underlying fix (commit 4755f8053928dce18a61db8fec71b69c74f786cb) reinforces path traversal protections to account for hardlinks in addition to symlinks.

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-17987 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy