CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-14647

mediumCVSS 4.3covered by 2 sourcesfirst seen 2026-07-02
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Patch name: a7bf3a0f1d18bb62575236ef6e4944980c40e045. It is recommended to apply a patch to fix this issue.

CSIRTS triage

What
There is an out-of-bounds vulnerability in onnxruntime.
Who is affected
Deployments of onnxruntime are affected.
Urgency
Remediation is medium urgency due to the potential for exploitation.
Action
Update to the latest version of onnxruntime.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-14647

Get an email if CVE-2026-14647 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-14647

CVE.org record

Embed the live status

CVE-2026-14647 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-14647 status](https://www.csirts.com/badge/CVE-2026-14647)](https://www.csirts.com/cve/CVE-2026-14647)