CVE-2026-4993

wandb OpenUI config.py hard-coded credentials

CVSS 4.8 MEDIUMEPSS 0.1%CWE-259 CWE-798

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

wandb · OpenUI

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92 https://vuldb.com/?ctiid.353880 https://vuldb.com/?id.353880 https://vuldb.com/?submit.778265