Skip to main content

onnx-mlir EUVDEUVD-2026-34826

| CVE-2026-11329 LOW
Use of Weak Hash (CWE-328)
2026-06-05 VulDB GHSA-h7gg-9w38-vh5g
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 05, 2026 - 13:22 NVD
3.6 (LOW) 2.0 (LOW)
Source Code Evidence Fetched
Jun 05, 2026 - 13:16 vuln.today
Analysis Generated
Jun 05, 2026 - 13:16 vuln.today

DescriptionCVE.org

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.

AnalysisAI

Weak cache key construction in onnx-mlir's torch backend (versions up to 0.5.0.0) omits tensor data type (dtype) from placeholder node hash keys, enabling cache collisions between semantically distinct nodes. A locally authenticated attacker with high-complexity manipulation can cause the compiler to incorrectly reuse cached compilation results across mismatched dtypes, yielding low-integrity and low-availability impacts. No public exploit is identified at time of analysis; the upstream fix is confirmed via commit 72c5187 and PR #3427.

Technical ContextAI

onnx-mlir is a compiler toolchain that lowers ONNX model graphs to native machine code. The affected component is the torch_onnxmlir Python backend (src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py), where the generate_hash_key function constructs a cache key for placeholder nodes as f'om_placeholder_{placeholder_counter}_[{shape_str}]' - encoding only tensor shape, not dtype. CWE-328 (Use of Weak Hash) applies because this key omits a critical distinguishing attribute: two placeholder nodes with identical shapes but different data types (e.g., float32 vs. int64) hash to the same value. The fix in PR #3427 appends _{dtype} to produce f'om_placeholder_{placeholder_counter}_[{shape_str}]_{dtype}', making the key collision-resistant for differing dtypes. CPE cpe:2.3:a:onnx:onnx-mlir:*:*:*:*:*:*:*:* covers all versions through 0.5.0.0.

RemediationAI

Apply the upstream fix by incorporating commit 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4, available via PR #3427 at https://github.com/onnx/onnx-mlir/pull/3427. The patch modifies generate_hash_key to append the tensor dtype to the placeholder cache key, eliminating collisions between same-shape, different-dtype nodes. An exact released tagged version incorporating this fix has not been independently confirmed from available intelligence - users should verify that their target release includes this specific commit before considering remediation complete. As a compensating control pending patch deployment, ML engineers compiling models with the torch_onnxmlir backend should avoid or disable placeholder node caching in workflows that involve multiple dtypes sharing identical tensor shapes; note this may degrade compilation performance. The official fix is the only fully effective remediation.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

EUVD-2026-34826 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy