Weak Hash Vulnerability in onnx-mlir from ONNX
CVE-2026-11329

2LOW

Key Information:

Vendor

Onnx

Status
Vendor
CVE Published:
5 June 2026

What is CVE-2026-11329?

A vulnerability exists in the onnx-mlir component of the ONNX framework, specifically within the generate_hash_key function of the Placeholder Node Cache Handler. This flaw allows potential attackers to exploit weak hashing methods, which could lead to cache collisions. Notably, the exploitation requires local access and is characterized by its high complexity, making it challenging to execute. It is imperative for users to apply the recommended patch (commit ID: 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4) to mitigate the risks associated with this vulnerability.

Affected Version(s)

onnx-mlir 0.5.0

References

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem00 (VulDB User)
.