PatchSiren


CVE-2026-28500 onnx CVE debrief

CVE-2026-28500 is a high-severity vulnerability (CVSS Score: 8.6) affecting Open Neural Network Exchange (ONNX), an open standard for machine learning interoperability. The vulnerability exists in the onnx.hub.load() function, which is used to load machine learning models. Due to improper logic in the repository trust verification mechanism, an attacker can bypass security controls and silently exfiltrate sensitive files (such as SSH keys and cloud credentials) from a victim's machine when a model is loaded. This vulnerability can be chained with file-system vulnerabilities to facilitate Zero-Interaction Supply-Chain Attacks. The vulnerability was published on March 18, 2026, and last modified on June 30, 2026. As of the time of publication, no known patched versions are available.

Vendor: onnx
Product: Unknown
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-18
Original CVE updated: 2026-06-30
Advisory published: 2026-03-18
Advisory updated: 2026-06-30

Who should care

Organizations that use Open Neural Network Exchange (ONNX) for machine learning interoperability should be aware of this vulnerability. Specifically, those who load models from non-official sources or use the silent=True parameter in the onnx.hub.load() function are at risk. Additionally, defenders responsible for securing machine learning systems and supply chains should prioritize patching or mitigating this vulnerability to prevent potential Zero-Interaction Supply-Chain Attacks.

Technical summary

The vulnerability exists in the onnx.hub.load() function, which is used to load machine learning models from various sources. The function is designed to warn users when loading models from non-official sources, but the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This allows an attacker to bypass security controls and exfiltrate sensitive files from a victim's machine when a model is loaded. The vulnerability has a CVSS Score of 8.6 and a CVSS Severity of HIGH.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, especially in environments where machine learning models are frequently loaded from non-official sources. Defenders should review their organization's use of ONNX and assess the risk of Zero-Interaction Supply-Chain Attacks.

Recommended defensive actions

  • Review and update ONNX to a patched version, if available.
  • Use caution when loading machine learning models from non-official sources.
  • Avoid using the silent=True parameter in the onnx.hub.load() function.
  • Implement additional security controls to detect and prevent exfiltration of sensitive files.
  • Monitor systems for suspicious activity related to machine learning model loading.
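
One way to act on the silent=True recommendation is to audit a code base for such calls. The sketch below is an added example, not code from the advisory or the ONNX project; the function names, the sample source and the repository name in it are constructed for illustration.

```python
import ast

# Constructed sample source to audit; it is parsed, never executed.
SAMPLE = '''
import onnx
from onnx import hub
from onnx.hub import load as hub_load

m1 = onnx.hub.load("resnet50")
m2 = hub.load("resnet50", repo="someuser/models:main", silent=True)
m3 = hub_load("mnist", silent=quiet)
m4 = json.load(fh)
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join([node.id] + parts[::-1])

def find_silent_hub_loads(source):
    """Return sorted (line, reason) pairs for onnx.hub.load calls that may run silently."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified module or function name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            aliases.update({a.asname: a.name for a in node.names if a.asname})
        elif isinstance(node, ast.ImportFrom) and node.module:
            aliases.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        head, _, rest = (_dotted(call.func) or "").partition(".")
        if ".".join(filter(None, [aliases.get(head, head), rest])) != "onnx.hub.load":
            continue
        for kw in call.keywords:  # only the keyword form of silent is checked
            if kw.arg is None:
                findings.append((call.lineno, "**kwargs may carry silent"))
            elif kw.arg == "silent":
                v = kw.value.value if isinstance(kw.value, ast.Constant) else None
                if v is not False:
                    findings.append((call.lineno, "silent=True" if v is True else "silent not a literal False"))
    return sorted(findings)

if __name__ == "__main__":
    print(find_silent_hub_loads(SAMPLE))
```

Calls that pass silent through a variable or through **kwargs are reported as well, since the literal value cannot be determined statically and needs manual review.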

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and potential mitigations. Additional references from GitHub and Red Hat provide further context and potential patches or workarounds. The vulnerability is considered HIGH severity, with a CVSS Score of 8.6.

Official resources

This article is AI-assisted and based on the supplied source corpus.