PT-2026-29422 · Onnx · Onnx
Pi3Ch · Published 2026-03-31 · Updated 2026-04-02 · CVE-2026-27489
CVSS v4.0 8.7 High
Vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: ONNX versions prior to 1.21.0
Description: ONNX contains a path traversal vulnerability via symlink that allows reading arbitrary files outside the model directory or the user-provided directory. The symlink check is ineffective, so a symlink inside the model directory can point to an arbitrary location on the file system and the file it resolves to is read as if it were model data. An attacker could provide a victim with a compressed archive containing a malicious ONNX model and a symlink; once the archive is uncompressed and the model is loaded, the attacker could read sensitive files and environment variables from the host system. This issue is not limited to UNIX systems.
Recommendations: Update to ONNX version 1.21.0 or later. Until then, treat model archives from untrusted sources as hostile: extract them with a tool that refuses to create symlinks, and check the extracted model directory for symlinks before loading a model from it.
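The following is an added example, not ONNX's code and not taken from the fix. It illustrates the class of check the advisory describes: a weak check that rejects ".." and a symlink only at the final path component, beside a hardened check that resolves every component with os.path.realpath before confining the result to the model directory. The two functions, the temporary directory layout and the "secret.txt" file are all constructed for the demonstration; the external-data path "data/secret.txt" stands in for a path an attacker would embed in a model.

```python
"""Weak vs. hardened confinement of external-data paths (illustrative, not ONNX's code)."""
import os
import tempfile


def weak_path_check(model_dir: str, rel_path: str) -> bool:
    """Assumed weak pattern: reject '..', reject a symlink at the leaf, compare prefixes.

    abspath() normalises but never resolves symlinks, and islink() inspects only the
    final component, so 'data/secret.txt' with 'data' -> /outside passes the check.
    """
    if ".." in rel_path.replace("\\", "/").split("/"):
        return False
    full = os.path.abspath(os.path.join(model_dir, rel_path))
    if os.path.islink(full):
        return False
    return full.startswith(os.path.abspath(model_dir) + os.sep)


def strong_path_check(model_dir: str, rel_path: str) -> bool:
    """Hardened check: resolve every component, then require containment in model_dir."""
    base = os.path.realpath(model_dir)
    target = os.path.realpath(os.path.join(base, rel_path))
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:
        # Mixed absolute/relative paths, or different drives on Windows: treat as outside.
        return False


def build_fixture(root: str) -> str:
    """Constructed layout: model/ contains a real weights file and a symlinked
    subdirectory 'data' that points to a sibling directory outside the model."""
    model_dir = os.path.join(root, "model")
    outside = os.path.join(root, "outside")
    os.makedirs(model_dir)
    os.makedirs(outside)
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("host-secret\n")  # constructed stand-in for a sensitive host file
    with open(os.path.join(model_dir, "weights.bin"), "wb") as fh:
        fh.write(b"\x00" * 16)  # constructed stand-in for legitimate external data
    os.symlink(outside, os.path.join(model_dir, "data"))  # the attacker's symlink
    return model_dir


def run_demo() -> dict:
    """Run both checks against a benign and a malicious path; return the verdicts
    and, if the weak check lets the malicious path through, what a loader trusting
    it would actually read."""
    with tempfile.TemporaryDirectory() as root:
        model_dir = build_fixture(root)
        benign, malicious = "weights.bin", "data/secret.txt"
        results = {
            "weak_benign": weak_path_check(model_dir, benign),
            "weak_malicious": weak_path_check(model_dir, malicious),
            "strong_benign": strong_path_check(model_dir, benign),
            "strong_malicious": strong_path_check(model_dir, malicious),
        }
        if results["weak_malicious"]:
            with open(os.path.join(model_dir, malicious)) as fh:
                results["leaked"] = fh.read().strip()
        return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two caveats apply even to the hardened check. First, it is a check-then-open sequence: if another party can write to the model directory between the check and the open, a symlink can still be swapped in (TOCTOU), so the directory should not be writable by untrusted users while a model is loaded. Second, on Windows os.path.realpath resolves symlinks and junctions only from Python 3.8 onward, and os.path.commonpath raises ValueError for paths on different drives, which the code above deliberately treats as a rejection.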

Fix

Weakness Enumeration

Relative Path Traversal (CWE-23)

Related Identifiers

CVE-2026-27489
GHSA-3R9X-F23J-GC73

Affected Products

Onnx