onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash
CVE-2026-11329

2LOW

Key Information:

Vendor

Onnx

Status
Onnx-mlir
Vendor
CVE Published:
5 June 2026

What is CVE-2026-11329?

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.

Affected Version(s)

onnx-mlir 0.5.0

References

https://vuldb.com/vuln/368865
vdb-entrytechnical-description
https://vuldb.com/vuln/368865/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11329
third-party-advisory

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem00 (VulDB User)
.