PatchSiren cyber security CVE debrief
CVE-2026-11329 onnx CVE debrief
A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult.
- Vendor
- onnx
- Product
- onnx-mlir
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of onnx onnx-mlir up to 0.5.0.0
Technical summary
The vulnerability is caused by the use of a weak hash in the generate_hash_key function of the Placeholder Node Cache Handler. This can be exploited locally, but the complexity of the attack is high and the exploitation is difficult.
Defensive priority
LOW
Recommended defensive actions
- Apply the patch 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4 to resolve this issue.
Evidence notes
The vulnerability has been rated as problematic with a CVSS score of 2 and a CVSS severity of LOW.
Official resources
2026-06-05T13:16:38.343Z