PT-2026-55726 · Onnx · Onnx

M00Dy · Published 2026-07-04 · Updated 2026-07-04 · CVE-2026-14647

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.22.0

Description: A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19() function located in the onnx/defs/nn/old.cc file.

Recommendations: Apply patch a7bf3a0f1d18bb62575236ef6e4944980c40e045 to resolve the issue. As a temporary mitigation, restrict the use of the convPoolShapeInference opset19() function.

Exploit

Fix

Out of bounds Read

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2026-14647

Affected Products

Onnx