Hamza for SecDim

(CVE-2026-27489) - Two Incomplete Fixes for a Path Traversal Vulnerability in ONNX

We found a zero-day path traversal in ONNX — CVE-2026-27489.

It took three patches to get fixed. We break down how the vulnerability survived each fix and what it takes to actually kill a traversal bug.

👉 Full analysis: https://secdim.com/blog/post/two-incomplete-fixes-for-a-path-traversal-vulnerability-in-onnx-cve-2026-27489-18075/
