Scan free
LOWCVE-2026-4994CVSS 3.5

CVE-2026-4994: wandb OpenUI Information Exposure Vulnerability

Platform

python

Component

wandb

Fixed in

1.0.1

3.5.1

AI Confidence: mediumNVDEPSS 0.0%Reviewed: Mar 2026
View on NVD
Save

CVE-2026-4994 describes an information exposure vulnerability within the wandb OpenUI component. Specifically, the genericexceptionhandler function in backend/openui/server.py allows for information disclosure through error messages when manipulating the key argument. This vulnerability, rated as low severity, impacts versions 1.0 up to 3.5-turb. Currently, there is no official patch available to address this issue.

Python

Detect this CVE in your project

Upload your requirements.txt file and we'll tell you instantly if you're affected.

Upload requirements.txtSupported formats: requirements.txt · Pipfile.lock

Impact and Attack Scenarios

A vulnerability has been identified in wandb OpenUI versions up to 1.0/3.5-turb. This flaw, located in the genericexceptionhandler function within the backend/openui/server.py file of the APIStatusError Handler component, allows for information exposure through error messages. An attacker can manipulate the key argument to trigger this disclosure. The vulnerability requires local network access for exploitation and, concerningly, the exploit has been publicly released, increasing the risk of attacks. The vendor's lack of response to early notification of this vulnerability further compounds the situation, leaving users without an immediate official fix.

Exploitation Context

The vulnerability lies in how the error handler genericexceptionhandler processes arguments, specifically the manipulation of the key argument. An attacker, with local network access, can send malicious requests designed to trigger the function and force the disclosure of sensitive information through generated error messages. The public availability of the exploit means attackers can easily replicate the attack, significantly increasing the risk. The vendor's lack of response hinders the accurate assessment of the vulnerability's full scope and the availability of countermeasures.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureMedium
Reports1 threat report

EPSS

0.03% (7% percentile)

CISA SSVC

Exploitationpoc
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R3.5LOWAttack VectorAdjacentHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityNoneRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Adjacent — requires network proximity: same LAN, Bluetooth, or local wireless segment. Not internet-exposed.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentwandb
Vendorwandb
Affected rangeFixed in
1.0 – 1.01.0.1
3.5-turb – 3.5-turb3.5.1

Weakness Classification (CWE)

CWE-209CWE-200

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 57 days since disclosure

Mitigation and Workarounds

Given the vendor's lack of a provided fix, immediate mitigation focuses on risk reduction. We strongly recommend upgrading to an OpenUI version later than 1.0/3.5-turb once available. In the meantime, restrict local network access to the OpenUI instance, limiting exploitation possibilities. Thoroughly monitor server logs for unusual error patterns to detect potential exploitation attempts. Consider implementing firewall rules to block suspicious traffic toward the OpenUI server. Continuous security posture assessment remains crucial until an official solution is available.

How to fix

Actualice la biblioteca wandb a una versión posterior a 3.5-turb. Esto solucionará la vulnerabilidad de exposición de información. Consulte la documentación de wandb para obtener instrucciones sobre cómo actualizar la biblioteca.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-4994 in wandb?

It means the technique to exploit the vulnerability is known and available to anyone, making it easier for attackers to use.

Am I affected by CVE-2026-4994 in wandb?

The vendor's lack of response is concerning and hinders risk assessment and solution availability. It could be due to various factors, but communication is essential in these cases.

How do I fix CVE-2026-4994 in wandb?

Implement mitigation measures such as restricting network access, monitoring logs, and considering firewall rules.

Is CVE-2026-4994 being actively exploited?

Look for unusual error patterns in server logs and monitor network activity for suspicious traffic.

Where can I find the official wandb advisory for CVE-2026-4994?

Currently, there are no specific tools available to detect this vulnerability, so manual monitoring and mitigation measures are crucial.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs