CVE-2026-4993

wandb OpenUI config.py hard-coded credentials

CVSS 4.8 MEDIUMEPSS 0.1%CWE-259 CWE-798

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Produtos afetados

wandb · OpenUI

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92 https://vuldb.com/?ctiid.353880 https://vuldb.com/?id.353880 https://vuldb.com/?submit.778265