PT-2026-28711 · Wandb · Wandb/Openui

Eric-B +1 · Published 2026-03-28 · Updated 2026-03-28 · CVE-2026-4993

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

wandb OpenUI versions up to 0.0.0.0/1.0

Description

A security issue exists in wandb OpenUI related to hard-coded credentials. The manipulation of the LITELLM_MASTER_KEY argument within the file backend/openui/config.py can lead to exposure of these credentials. The exploit is publicly available and requires local access to initiate an attack. The vendor was informed of this issue but did not respond.

Recommendations

Versions prior to 0.0.0.0/1.0 should be updated. As a temporary workaround, consider restricting access to the backend/openui/config.py file to minimize the risk of exploitation.

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2026-4993

Affected Products: Wandb/Openui