PT-2026-29579 · Onnx · Onnx

Zeroxjacks · Published 2026-04-01 · Updated 2026-04-09 · CVE-2026-34446

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ONNX versions prior to 1.21.0

Description: The Open Neural Network Exchange (ONNX) has an issue in the onnx.load function: the code checks for symbolic links to prevent path traversal but fails to account for hard links, because a hard link appears as a regular file on the filesystem. The validator in onnx/checker.cc relies only on is_symlink() and does not check the inode or st_nlink, so a hard link bypasses the check. This is particularly dangerous in AI supply chain scenarios, where model files are routinely fetched and loaded from untrusted sources.

Recommendations: Update to version 1.21.0 or later.
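The description above points at the gap: is_symlink() sees a symbolic link, but a hard link is a second directory entry for the same inode and looks like an ordinary file. The following is an added example (not code from the ONNX project) of the pre-load check a defender can put in front of a model loader. The helper name check_model_path, the exception class, and the demo file names are assumptions made for this illustration; the check rejects symlinks, rejects regular files whose st_nlink is greater than one, requires the resolved path to stay under an allowed directory, and compares the inode of the opened descriptor with the inode seen by lstat so that the file validated is the file actually opened.

```python
import os
import stat
import tempfile
from pathlib import Path


class UnsafeModelPath(Exception):
    """Raised when a model path fails the pre-load checks (hypothetical helper)."""


def check_model_path(path, allowed_root):
    """Validate ``path`` before handing it to a model loader.

    Returns an open read-only file descriptor on success and raises
    UnsafeModelPath otherwise. This is an illustrative helper, not ONNX code.
    """
    path = Path(path)
    root = Path(allowed_root).resolve(strict=True)

    # 1. Symlink check: the only check the advisory says the validator performed.
    if path.is_symlink():
        raise UnsafeModelPath(f"{path} is a symbolic link")

    # 2. Containment: the resolved path must live under the allowed root.
    resolved = path.resolve(strict=True)
    if resolved != root and root not in resolved.parents:
        raise UnsafeModelPath(f"{path} escapes {root}")

    # 3. Open first, then stat the descriptor, so the remaining checks apply to
    #    the file actually opened rather than to a path that may be swapped.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeModelPath(f"{path} is not a regular file")
        # 4. Hard-link check: more than one name for this inode is exactly what
        #    is_symlink() cannot see.
        if st.st_nlink > 1:
            raise UnsafeModelPath(f"{path} has {st.st_nlink} hard links")
        # 5. Inode check: the opened object must match what lstat reports for
        #    the path we validated; a mismatch means something changed under us.
        lst = os.lstat(path)
        if (lst.st_ino, lst.st_dev) != (st.st_ino, st.st_dev):
            raise UnsafeModelPath(f"{path} changed during validation")
    except Exception:
        os.close(fd)
        raise
    return fd


def demo():
    """Constructed scenario: a model directory holding a regular file, a hard
    link to a file outside the directory, and a symlink to that same file.
    Returns which names the check accepts or rejects."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        models = tmp / "models"
        models.mkdir()
        outside = tmp / "outside.bin"              # constructed: file outside the model dir
        outside.write_bytes(b"not a model")
        good = models / "model.onnx"
        good.write_bytes(b"\x08\x07")              # constructed placeholder bytes, not a real model
        os.link(outside, models / "hard.onnx")     # hard link: shows up as a regular file
        os.symlink(outside, models / "soft.onnx")  # symlink: caught by is_symlink()
        for name in ("model.onnx", "hard.onnx", "soft.onnx"):
            try:
                fd = check_model_path(models / name, models)
                os.close(fd)
                results[name] = "accepted"
            except UnsafeModelPath:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

In the demo the plain file is accepted, the symlink is rejected by the original-style is_symlink() check, and the hard link, which that check lets through, is rejected by the st_nlink test. Opening with O_NOFOLLOW and comparing fstat against lstat closes the window between validation and use that a symlink-only path check leaves open.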

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-34446
ECHO-76FB-F78F-1FBE
GHSA-CMW6-HCPP-C6JP

Affected Products

Onnx