CVE-2026-34446
mediumCVSS v3 Base Score
4.7
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
None
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
CWE
CWE-41Affected Products
Red Hat OpenShift AI (RHOAI)