PT-2026-28712 · Weights & Biases · Wandb/Openui

Eric-B +1 · Published 2026-03-28 · Updated 2026-03-28 · CVE-2026-4994

CVSS v3.1: 3.5 (Low)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

wandb OpenUI versions up to 1.0/3.5-turb

Description

A flaw exists in wandb OpenUI that allows information disclosure through error messages. The issue is located in the generic exception handler function within the backend/openui/server.py file, specifically related to the manipulation of the key argument. Local network access is required for exploitation. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations

Versions prior to 1.0/3.5-turb should be used.
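
An added example (not from this advisory or the OpenUI code base) of the weakness class described above, written in Python because the affected file is server.py: a catch-all handler that returns raw exception text, beside one that returns a fixed message and keeps the detail in the server log. The lookup function, BackendError, the key value and the file path are all constructed for illustration.

```python
import json
import logging
import uuid

log = logging.getLogger("example.errors")

class BackendError(Exception):
    """Constructed stand-in for an internal failure."""

def lookup(key: str) -> str:
    # Constructed failure: the message echoes the caller-supplied key and an
    # internal path, the kind of detail library exceptions often carry.
    raise BackendError(f"no entry for key={key!r} in /srv/app/data/store.db")

def leaky_handler(exc: Exception) -> dict:
    # Weak pattern (CWE-209): the raw exception text is returned to the client.
    return {"status": 500, "body": {"error": f"{type(exc).__name__}: {exc}"}}

def hardened_handler(exc: Exception) -> dict:
    # Detail goes to the server log only; the client gets a fixed message and
    # an opaque ID that can be matched against that log entry.
    error_id = uuid.uuid4().hex
    log.error("unhandled exception id=%s", error_id, exc_info=exc)
    return {"status": 500,
            "body": {"error": "Internal server error", "error_id": error_id}}

def handle(key: str, on_error) -> dict:
    # Generic catch-all wrapper, standing in for a last-resort exception handler.
    try:
        return {"status": 200, "body": {"value": lookup(key)}}
    except Exception as exc:
        return on_error(exc)

def leaked_markers(response: dict, markers: list) -> list:
    # Regression check: which internal markers appear in the serialized body?
    body = json.dumps(response["body"])
    return [m for m in markers if m in body]

if __name__ == "__main__":
    markers = ["/srv/app", "BackendError", "store.db"]
    for handler in (leaky_handler, hardened_handler):
        resp = handle("constructed-key", handler)
        print(handler.__name__, resp["status"], leaked_markers(resp, markers))
```

The leaked_markers check can be reused in a test suite to fail the build whenever an error response body contains internal paths or exception class names.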

Exploit

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Weakness Enumeration

Related Identifiers: CVE-2026-4994

Affected Products: Wandb/Openui