Home / Vulnerability Intelligence / CVE-2026-34445

CVE-2026-34445 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: April 1, 2026

Open Neural Network Exchange (ONNX) - Prototype Pollution

Published: April 1, 2026Updated: April 1, 2026Remote Exploitable

Overview

Open Neural Network Exchange (ONNX) < 1.21.0 contains a prototype pollution caused by unchecked use of setattr() in ExternalDataInfo class loading metadata, letting attackers overwrite internal object properties, exploit requires crafted malicious model.

Severity & Score

Severity: High

CVSS Score: 8.6

Impact

Attackers can overwrite internal object properties, potentially leading to application logic manipulation or denial of service.

Mitigation

Update to version 1.21.0 or later.

References

https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b
https://github.com/onnx/onnx/pull/7751
https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34445
Severity: High
CVSS Score: 8.6
Type: prototype_pollution
Status: new

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H