PT-2026-28712 · Weights & Biases · Wandb/Openui
Eric-B
+1
·
Publicado
2026-03-28
·
Atualizado
2026-03-28
·
CVE-2026-4994
CVSS v3.1
3.5
Baixa
| Vetor | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
wandb OpenUI versions up to 1.0/3.5-turb
Description
A flaw exists in wandb OpenUI that allows information disclosure through error messages. The issue is located in the
generic exception handler function within the backend/openui/server.py file, specifically related to the manipulation of the key argument. Local network access is required for exploitation. The exploit has been publicly released. The vendor was notified but did not respond.Recommendations
Versions prior to 1.0/3.5-turb should be used.
Exploit
Correção
Information Disclosure
Generation of Error Message Containing Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Wandb/Openui