53 matches found

Cvelist
added 2026/03/28 9:15 a.m. | 31 views

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8 CVSS | 0.00006 EPSS
Exploits: 0 | References: 4
CVE
added 2026/03/28 9:15 a.m. | 7 views

CVE-2026-4993

Wandb OpenUI (up to 0.0.0.0/1.0) is affected by a vulnerability in backend/openui/config.py where manipulation of LITELLM_MASTER_KEY leads to hard-coded credentials. The issue enables a local attacker and the exploit has been disclosed publicly; vendor response was not provided. No further techni...

4.8 CVSS | 5.2 AI score | 0.00006 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/28 9:15 a.m. | 2 views

CVE-2026-4993 wandb OpenUI config.py hard-coded credentials

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the...

4.8 CVSS | 5.2 AI score | 0.00006 EPSS
Exploits: 0 | References: 4
EUVD
added 2026/03/28 12:31 a.m. | 1 views

EUVD-2026-16898

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/03/28 12:0 a.m. | 3 views

OpenUI security vulnerability

OpenUI is an open-source UI program developed by Weights & Biases. Versions of OpenUI 1.0 and earlier contained security vulnerabilities, which were caused by incorrect handling of parameter keys, potentially leading to information leakage through error messages...

5.1 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/28 12:0 a.m. | 1 views

PT-2026-28712

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0/3.5-turb Description A flaw exists in wandb OpenUI that allows information disclosure through error messages. The issue is located in the generic exception handler function within the backend/openui/server.py...

5.1 CVSS | 5.5 AI score | 0.00029 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/03/28 12:0 a.m. | 2 views

PT-2026-28711

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 0.0.0.0/1.0 Description A security issue exists in wandb OpenUI related to hard-coded credentials. The manipulation of the LITELLM MASTER KEY argument within the file backend/openui/config.py can lead to exposure of...

4.8 CVSS | 5.7 AI score | 0.00006 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/03/28 12:0 a.m. | 2 views

OpenUI trust management issue vulnerability

OpenUI is an open-source UI program developed by Weights & Biases. Versions of OpenUI 1.0 and earlier had a trust management vulnerability, which was caused by incorrect handling of the parameter LITELLM_MASTER_KEY, resulting in hardcoded credentials...

4.8 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/28 12:0 a.m. | 3 views

PT-2026-28713

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A cross site scripting issue exists in the file frontend/public/annotator/index.html of the Window Message Event Handler component. This manipulation can be initiated remotely and the exploit has bee...

5.1 CVSS | 5 AI score | 0.00039 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/03/28 12:0 a.m. | 2 views

OpenUI code injection vulnerability

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

5.1 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits: 0 | References: 5
NVD
added 2026/03/27 11:17 p.m. | 0 views

CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3 CVSS | 0.00013 EPSS
Exploits: 0 | References: 4
Cvelist
added 2026/03/27 10:3 p.m. | 25 views

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3 CVSS | 0.00013 EPSS
Exploits: 0 | References: 4
CVE
added 2026/03/27 10:3 p.m. | 11 views

CVE-2026-4992

WandB OpenUI vulnerability CVE-2026-4992 affects the HTMLAnnotator component, specifically the create_share/get_share function in backend/openui/server.py. The issue arises from manipulating the ID argument, enabling HTML injection. Exploitation is possible remotely and the exploit has been publi...

5.3 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/27 10:3 p.m. | 0 views

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/27 10:3 p.m. | 2 views

CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

5.3 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/03/27 12:0 a.m. | 3 views

PT-2026-28710

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A flaw exists in wandb OpenUI, specifically within the HTMLAnnotator component. The issue resides in the create share/get share function located in the backend/openui/server.py file. Manipulation of...

5.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 9
CNNVD
added 2026/03/27 12:0 a.m. | 6 views

OpenUI code injection vulnerability

OpenUI is an open-source UI program developed by Weights & Biases. Versions of OpenUI 1.0 and earlier had a code injection vulnerability, which was caused by incorrect handling of parameter IDs, potentially leading to HTML injection...

5.3 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-6831

Malicious code in bioql PyPI...

5.4 CVSS | 5.7 AI score | 0.00318 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/03/22 1:25 p.m. | 6 views

CVE-2025-0192

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially...

5.4 CVSS | 5.2 AI score | 0.00318 EPSS
Exploits: 0 | References: 1
NVD
added 2025/03/20 10:15 a.m. | 6 views

CVE-2025-0192

A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially...

5.4 CVSS | 0.00318 EPSS
Exploits: 0 | References: 1