PatchSiren cyber security CVE debrief
CVE-2026-28500 onnx CVE debrief
CVE-2026-28500 is a high-severity vulnerability (CVSS Score: 8.6) affecting Open Neural Network Exchange (ONNX), an open standard for machine learning interoperability. The vulnerability exists in the onnx.hub.load() function, which is used to load machine learning models. Due to improper logic in the repository trust verification mechanism, an attacker can bypass security controls and silently exfiltrate sensitive files (such as SSH keys and cloud credentials) from a victim's machine when a model is loaded. This vulnerability can be chained with file-system vulnerabilities to facilitate Zero-Interaction Supply-Chain Attacks. The vulnerability was published on March 18, 2026, and last modified on June 30, 2026. As of the time of publication, no known patched versions are available.
- Vendor: onnx
- Product: Unknown
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-18
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-18
- Advisory updated: 2026-06-30
Who should care
Organizations that use Open Neural Network Exchange (ONNX) for machine learning interoperability should be aware of this vulnerability. Specifically, those who load models from non-official sources or use the silent=True parameter in the onnx.hub.load() function are at risk. Additionally, defenders responsible for securing machine learning systems and supply chains should prioritize patching or mitigating this vulnerability to prevent potential Zero-Interaction Supply-Chain Attacks.
Technical summary
The vulnerability exists in the onnx.hub.load() function, which is used to load machine learning models from various sources. The function is designed to warn users when loading models from non-official sources, but the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This allows an attacker to bypass security controls and exfiltrate sensitive files from a victim's machine when a model is loaded. The vulnerability has a CVSS Score of 8.6 and a CVSS Severity of HIGH.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, especially in environments where machine learning models are frequently loaded from non-official sources. Defenders should review their organization's use of ONNX and assess the risk of Zero-Interaction Supply-Chain Attacks.
Recommended defensive actions
- Review and update ONNX to a patched version, if available.
- Use caution when loading machine learning models from non-official sources.
- Avoid using the silent=True parameter in the onnx.hub.load() function.
- Implement additional security controls to detect and prevent exfiltration of sensitive files.
- Monitor systems for suspicious activity related to machine learning model loading.
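One way to act on the silent=True recommendation above is a static audit of your own code base. This is an added example, not code from ONNX or from the advisory; the function names and the sample source are constructed for illustration. It flags every onnx.hub.load() call that passes silent as anything other than a literal False, including calls made through import aliases or **kwargs.

```python
import ast

# Constructed sample source to audit; model and repo strings are illustrative only.
SAMPLE = '''\
import onnx
from onnx import hub
from onnx.hub import load as fetch
m1 = onnx.hub.load("resnet50")
m2 = hub.load("resnet50", repo="someuser/models:main", silent=True)
m3 = fetch("resnet50", silent=quiet)
m4 = onnx.hub.load("resnet50", silent=False)
m5 = hub.load("resnet50", **opts)
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def find_silent_hub_loads(source):
    """Return sorted (line, reason) pairs for onnx.hub.load() calls that may suppress prompts."""
    tree = ast.parse(source)
    aliases = {}  # local name -> qualified name it is bound to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:  # "import onnx.hub" binds "onnx"; "as h" binds h to onnx.hub
                aliases[a.asname or a.name.split(".")[0]] = a.name if a.asname else a.name.split(".")[0]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        head, _, rest = (name or "").partition(".")
        if aliases.get(head, head) + ("." + rest if rest else "") != "onnx.hub.load":
            continue
        for kw in node.keywords:
            if kw.arg is None:  # **kwargs can hide silent=True from a static scan
                findings.append((node.lineno, "**kwargs may carry silent"))
            elif kw.arg == "silent" and not (isinstance(kw.value, ast.Constant) and kw.value.value is False):
                findings.append((node.lineno, "silent=" + ast.unparse(kw.value)))
    return sorted(findings)

if __name__ == "__main__":
    print(find_silent_hub_loads(SAMPLE))
```

The scan only sees keyword arguments and import aliases within a single file, so treat an empty result as a starting point for review rather than proof that no call suppresses the prompt.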
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and potential mitigations. Additional references from GitHub and Red Hat provide further context and potential patches or workarounds. The vulnerability is considered HIGH severity, with a CVSS Score of 8.6.
Official resources
- CVE-2026-28500 CVE record (CVE.org)
- CVE-2026-28500 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.