๐Ÿ” CVE Alert

CVE-2026-14647

MEDIUM 4.3

onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue.

CWE CWE-125 CWE-119
Vendor n/a
Product onnx
Published Jul 4, 2026
Stay Ahead of the Next One

Get instant alerts for n/a onnx

Be the first to know when new medium vulnerabilities affecting n/a onnx are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / onnx
1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376160 vuldb.com: https://vuldb.com/vuln/376160/cti vuldb.com: https://vuldb.com/cve/CVE-2026-14647 vuldb.com: https://vuldb.com/submit/846317 github.com: https://github.com/onnx/onnx/issues/8036 github.com: https://github.com/onnx/onnx/pull/8051 github.com: https://github.com/onnx/onnx/commit/a7bf3a0f1d18bb62575236ef6e4944980c40e045 github.com: https://github.com/onnx/onnx/

Credits

๐Ÿ” m00dy (VulDB User)