VDB
CVE-2026-28500
CVE-2026-28500
PUBLISHED
CVSS 8.600000381469727 HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
EPSS 0.01% · 1.5th percentile
Risk Scores
CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.01%
1.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | onnx | 0, 0, 0 |
| linuxfoundation | onnx | 0, 0, 0 |
| onnx | onnx | <= 1.20.1, <= 1.20.1, <= 1.20.1 |
Timeline
- Mar 16, 2026 CVE Published
- Mar 17, 2026 Security Advisory
- Mar 18, 2026 EPSS Score
- Mar 18, 2026 PoC Published
- Mar 18, 2026 PoC Published
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score
- Mar 21, 2026 PoC Published
- Mar 21, 2026 PoC Published
- Mar 22, 2026 EPSS Score
- Mar 23, 2026 EPSS Score