CVE-2026-34445 in onnx정보

요약 (영어)

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.

책임이 있는

GitHub_M

예약하다

2026. 03. 27.

공개

2026. 04. 01.

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
354739	onnx Model setattr 권한 상승	20	정의되지 않음	공식 수정	CVE-2026-34445

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

◂ 이전개요다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!