Platform
python
Component
7b42be1da37af51a0cfba0866d100987
Fixed in
1.0.1
A security vulnerability has been identified in wandb OpenUI versions up to 1.0, specifically within the createshare/getshare function of the backend/openui/server.py file. This flaw allows for HTML injection through manipulation of the 'ID' argument, potentially enabling attackers to inject malicious content. The vulnerability is remotely exploitable and a public exploit is already available, highlighting the urgency of addressing this issue.
Successful exploitation of CVE-2026-4992 allows an attacker to inject arbitrary HTML into the wandb OpenUI interface. This could lead to various malicious outcomes, including phishing attacks, defacement of the user interface, and potentially the execution of JavaScript code within the context of the user's browser. While direct server-side code execution is unlikely, the injected HTML could be used to steal user credentials or redirect users to malicious websites. The blast radius extends to any user interacting with the compromised wandb OpenUI instance.
A public exploit for CVE-2026-4992 has been published, indicating a relatively high probability of exploitation. The vulnerability was disclosed on 2026-03-27. The vendor was contacted but did not respond, suggesting a potential lack of immediate patching support. It is not currently listed on CISA KEV as of this writing.
Organizations and individuals utilizing wandb OpenUI version 1.0 are at risk. This includes data science teams, machine learning engineers, and anyone relying on wandb for experiment tracking and collaboration. The lack of vendor response increases the risk for those dependent on timely security updates.
• python / wandb: Inspect the backend/openui/server.py file for the vulnerable createshare/getshare function. Look for any instances where user-supplied input (the 'ID' argument) is directly inserted into HTML without proper sanitization.
    # Example of vulnerable code (simplified)
    # `request` is assumed to be a Flask-style request object
    if request.args.get('id'):
        # Vulnerable: the 'id' value is interpolated into HTML without escaping
        html_content = f"<p>Share ID: {request.args.get('id')}</p>"
• generic web: Monitor access logs for requests to the createshare/getshare endpoint containing suspicious HTML payloads in the 'id' parameter.
• generic web: Check response headers for unexpected content-type values (e.g., text/html when a different type is expected).
EPSS
0.03% (9th percentile)
The primary mitigation for CVE-2026-4992 is to upgrade to a patched version of wandb OpenUI. As no fixed version is currently specified, it's crucial to monitor the wandb project's release notes for updates addressing this vulnerability. Until a patch is available, consider implementing input validation on the 'ID' argument within the createshare/getshare function to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block HTML injection attempts can also provide an additional layer of defense. After upgrading, verify the fix by attempting to inject a simple HTML payload (e.g., <script>alert('XSS')</script>) through the createshare/getshare endpoint and confirming that it is properly sanitized.
Update the wandb OpenUI library to a version later than 1.0, if available. Otherwise, it is recommended to disable or remove the HTMLAnnotator component until a fixed version is published. Inspect and sanitize user input before passing it to the create_share/get_share function in server.py.
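One way to apply the input validation and output escaping described above, shown beside the simplified vulnerable pattern. This is an added example, not OpenUI's own code; the allowlist for share IDs, the function names and the sample ID are assumptions, since the page does not give the real ID format.

```python
import html
import re

# Assumption: share IDs are short URL-safe tokens. The real OpenUI ID format
# is not given on the page, so adjust this allowlist to the actual scheme.
SHARE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidShareId(ValueError):
    """Raised when the 'id' argument does not match the allowlist."""


def validate_share_id(raw_id):
    """Return raw_id unchanged if it is a well-formed share ID, else raise."""
    if not isinstance(raw_id, str) or not SHARE_ID_RE.fullmatch(raw_id):
        raise InvalidShareId("share id must match [A-Za-z0-9_-]{1,64}")
    return raw_id


def render_vulnerable(raw_id):
    """The pattern from the simplified snippet: raw interpolation into HTML."""
    return f"<p>Share ID: {raw_id}</p>"


def render_escaped_only(raw_id):
    """Escaping alone, for code paths where the ID cannot be rejected."""
    return f"<p>Share ID: {html.escape(str(raw_id), quote=True)}</p>"


def render_hardened(raw_id):
    """Validate on input, then escape on output as an independent layer."""
    share_id = validate_share_id(raw_id)
    return f"<p>Share ID: {html.escape(share_id, quote=True)}</p>"


if __name__ == "__main__":
    payload = "<script>alert('XSS')</script>"  # verification string from the page
    print(render_vulnerable(payload))      # markup reaches the browser intact
    print(render_escaped_only(payload))    # rendered as inert text
    try:
        render_hardened(payload)
    except InvalidShareId as exc:
        print("rejected:", exc)
    print(render_hardened("a1B2c3-share_01"))  # constructed valid ID
```

In a real handler, an `InvalidShareId` would map to an HTTP 400 response so that malformed IDs never reach storage or a template.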
CVE-2026-4992 is a vulnerability in wandb OpenUI versions up to 1.0 that allows attackers to inject malicious HTML code by manipulating the 'ID' argument, potentially leading to phishing or defacement.
If you are using wandb OpenUI version 1.0, you are potentially affected by this vulnerability. Monitor the wandb project for updates and apply patches as soon as they are available.
The recommended fix is to upgrade to a patched version of wandb OpenUI. Until a patch is available, implement input validation on the 'ID' argument and consider using a WAF.
A public exploit exists, indicating a high probability of active exploitation. It's crucial to mitigate this vulnerability as quickly as possible.
Refer to the wandb project's release notes and security advisories for updates regarding CVE-2026-4992. Due to the lack of vendor response, information may be limited.