CVE-2026-11329— onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash
Possible ATT&CK Techniques 1AI
T1068 · Exploitation for Privilege EscalationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11329
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
可逆的单向哈希
Source: NVD (National Vulnerability Database)
Vulnerability Title
ONNX-MLIR 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ONNX-MLIR是Open Neural Network Exchange开源的一个将ONNX图转换为高效代码的编译器工具。 ONNX-MLIR 0.5.0.0及之前版本存在安全漏洞,该漏洞源于Placeholder Node Cache Handler组件中src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py文件的generate_hash_key函数使用弱哈希。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-11329
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11329
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-11329 (2)
Other References for CVE-2026-11329 (1)
IV. Related Vulnerabilities
Same vendor: onnx
- CVE-2026-34447
ONNX: External Data Symlink Traversal - CVE-2026-34446
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass i - CVE-2026-27489
ONNX: Path Traversal via Symlink - CVE-2026-34445
ONNX: Malicious ONNX models can crash servers by exploiting - CVE-2026-28500
ONNX Untrusted Model Repository Warnings Suppressed by silen
Same weakness: CWE-328
- CVE-2026-48488
phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing - CVE-2026-11481
yoanbernabeu grepai Postgres Embedding Cache chunker.go Post - CVE-2026-11479
yoanbernabeu grepai Qdrant Backend chunker.go weak hash - CVE-2026-11330
thedotmack claude-mem Observation Content Hash store.ts comp - CVE-2026-10814
milvus-io milvus Grantee ID Hash kv_catalog.go weak hash
V. Comments for CVE-2026-11329
No comments yet