Open Neural Network Exchange
cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*
- <= 1.20.1
A vulnerability in the Open Neural Network Exchange (ONNX) library, affecting versions through 1.20.1, allows arbitrary file reads because the security checks on external data files can be bypassed with hardlinks. The validation process only checks for symlinks, so hardlinks, which appear as regular files, go unexamined. This oversight can be exploited to access sensitive information, particularly in AI supply chain contexts.
Exploitation of this vulnerability could lead to unauthorized access to confidential data, with high severity implications, especially in AI supply chain scenarios.
The vulnerability can be reproduced by creating a hardlink to a sensitive file and then referencing that hardlink in an ONNX model's external data. When the model is loaded, the ONNX library's checks will fail to detect the hardlink, allowing access to the sensitive file without authorization.
Users should update to ONNX version 1.21.0 or later, where this vulnerability has been patched.
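A pre-load check that closes the gap described above, as an added example (it is not ONNX's code and not the 1.21.0 patch). The helper names `open_external_data` and `check` are hypothetical, and a POSIX system is assumed for `O_NOFOLLOW`:

```python
import os
import stat


class UnsafeExternalData(Exception):
    """Raised when an external-data path fails a safety check."""


def open_external_data(model_dir: str, location: str) -> int:
    """Open `location` (relative to model_dir) and return a read-only fd,
    or raise UnsafeExternalData. Hypothetical helper, not an ONNX API."""
    base = os.path.realpath(model_dir)
    path = os.path.join(base, location)
    # Containment: the resolved path must stay inside the model directory.
    if os.path.commonpath([base, os.path.realpath(path)]) != base:
        raise UnsafeExternalData("path escapes model directory")
    try:
        # O_NOFOLLOW makes the open fail if the final component is a symlink;
        # O_NONBLOCK keeps the open from hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise UnsafeExternalData(f"cannot open safely: {exc}") from exc
    # Inspect the opened descriptor, not the path, so the file cannot be
    # swapped between the check and the read.
    st = os.fstat(fd)
    if not stat.S_ISREG(st.st_mode):
        os.close(fd)
        raise UnsafeExternalData("not a regular file")
    if st.st_nlink > 1:
        # A hardlink looks like a regular file to islink/lstat; only the link
        # count shows that the same inode is reachable under another name.
        os.close(fd)
        raise UnsafeExternalData("file has multiple hard links")
    return fd


def check(model_dir: str, location: str) -> str:
    """Return 'ok' or the rejection reason for one external-data entry."""
    try:
        os.close(open_external_data(model_dir, location))
        return "ok"
    except UnsafeExternalData as exc:
        return str(exc)
```

Rejecting every file whose link count is above one also rejects legitimately hardlinked weight files, so copy such files into the model directory before loading.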