CVE-2026-14647 in onnx
Summary
by MITRE • 07/04/2026
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/04/2026
The vulnerability identified in ONNX versions up to 1.21.x represents a critical out-of-bounds read flaw within the onnxruntime component, specifically affecting the convPoolShapeInference_opset19 function located in onnx/defs/nn/old.cc. This weakness stems from insufficient input validation and boundary checking during convolutional and pooling operation shape inference processes, creating an exploitable condition that can be remotely triggered through network-based attacks. The flaw manifests when the system processes neural network operations that utilize the affected function, leading to memory access violations that could result in application crashes or potentially more severe consequences depending on the execution environment.
The technical nature of this vulnerability aligns with CWE-125: "Out-of-Bounds Read" which is classified as a fundamental memory safety issue where an application reads data from a memory location beyond the expected boundaries. This particular implementation flaw exists within the ONNX runtime inference engine's neural network processing capabilities, specifically when handling convolutional and pooling operations through the opset19 interface. The vulnerability can be exploited remotely without requiring local access or authentication, making it particularly dangerous in production environments where ONNX models are processed from untrusted sources.
The operational impact of this vulnerability extends beyond simple application instability, as it creates potential attack vectors for adversaries seeking to compromise systems running ONNX runtime components. Remote exploitation could lead to denial of service conditions, information disclosure, or potentially arbitrary code execution depending on the target system configuration and memory layout. The availability of public exploit code significantly increases the risk profile, as attackers can readily leverage this vulnerability without requiring advanced technical skills to develop custom exploits. Systems processing neural network models through ONNX runtime are particularly at risk, including machine learning platforms, AI inference servers, and applications integrating ONNX model execution capabilities.
Security mitigations for this vulnerability primarily focus on applying the official patch referenced by commit hash a7bf3a0f1d18bb62575236ef6e4944980c40e045. Organizations should immediately upgrade to patched versions of ONNX runtime components and conduct thorough vulnerability assessments of systems processing neural network models through affected interfaces. Additional defensive measures include implementing network segmentation to limit exposure, monitoring for exploitation attempts, and establishing robust input validation procedures for all ONNX model processing pipelines. The ATT&CK framework categorizes this vulnerability under T1203: "Exploitation for Client Execution" and potentially T1499: "Endpoint Denial of Service" depending on the specific attack vector employed, making it a significant concern for enterprise security teams managing machine learning infrastructure.