← volver
CVE-2026-11329

onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

CVSS 2 LOWEPSS 0.1%CWE-327CWE-328
A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Productos afectados
onnx · onnx-mlir

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/onnx/onnx-mlir/https://github.com/onnx/onnx-mlir/commit/72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4https://github.com/onnx/onnx-mlir/pull/3427https://vuldb.com/cve/CVE-2026-11329https://vuldb.com/submit/832358https://vuldb.com/vuln/368865https://vuldb.com/vuln/368865/cti