Vulnerability Details CVE-2026-44512
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.version_converter.convert_version() can dereference a null pointer in Upsample_6_7::adapt_upsample_6_7() in onnx/version_converter/adapters/upsample_6_7.h when processing an untrusted model with an Upsample node that has zero inputs, causing an unrecoverable denial of service. This issue is fixed in version 1.22.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 6.7%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2026-44512
-
cpe:2.3:a:linuxfoundation:onnx:1.10.0
-
cpe:2.3:a:linuxfoundation:onnx:1.10.1
-
cpe:2.3:a:linuxfoundation:onnx:1.10.2
-
cpe:2.3:a:linuxfoundation:onnx:1.11.0
-
cpe:2.3:a:linuxfoundation:onnx:1.12.0
-
cpe:2.3:a:linuxfoundation:onnx:1.13.0
-
cpe:2.3:a:linuxfoundation:onnx:1.16.0
-
cpe:2.3:a:linuxfoundation:onnx:1.16.1
-
cpe:2.3:a:linuxfoundation:onnx:1.16.2
-
cpe:2.3:a:linuxfoundation:onnx:1.17.0
-
cpe:2.3:a:linuxfoundation:onnx:1.18.0
-
cpe:2.3:a:linuxfoundation:onnx:1.19.0
-
cpe:2.3:a:linuxfoundation:onnx:1.19.1
-
cpe:2.3:a:linuxfoundation:onnx:1.20.0
-
cpe:2.3:a:linuxfoundation:onnx:1.20.1
-
cpe:2.3:a:linuxfoundation:onnx:1.21.0
-
cpe:2.3:a:linuxfoundation:onnx:1.9.0