{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4993", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T13:47:57.347Z", "datePublished": "2026-03-28T09:15:09.765Z", "dateUpdated": "2026-03-30T15:44:20.422Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-28T09:15:09.765Z"}, "title": "wandb OpenUI config.py hard-coded credentials", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-798", "lang": "en", "description": "Hard-coded Credentials"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-259", "lang": "en", "description": "Use of Hard-coded Password"}]}], "affected": [{"vendor": "wandb", "product": "OpenUI", "versions": [{"version": "0.0.0", "status": "affected"}, {"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T14:53:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-b (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.353880", "name": "VDB-353880 | wandb OpenUI config.py hard-coded credentials", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353880", "name": "VDB-353880 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.778265", "name": "Submit #778265 | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Use of Hard-coded Credentials (CWE-798)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:44:05.413241Z", "id": "CVE-2026-4993", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:44:20.422Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4993", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T15:44:05.413241Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:44:16.363Z"}}], "cna": {"title": "wandb OpenUI config.py hard-coded credentials", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-b (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "wandb", "product": "OpenUI", "versions": [{"status": "affected", "version": "0.0.0"}, {"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T14:53:43.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353880", "name": "VDB-353880 | wandb OpenUI config.py hard-coded credentials", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353880", "name": "VDB-353880 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.778265", "name": "Submit #778265 | Weights and Biases OpenUI <= 1.0 (commit f9d8f0e) Use of Hard-coded Credentials (CWE-798)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "Hard-coded Credentials"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-28T09:15:09.765Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4993", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:44:20.422Z", "dateReserved": "2026-03-27T13:47:57.347Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-28T09:15:09.765Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4993", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-28T10:16:31.853", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353880"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353880"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.778265"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}, {"lang": "en", "value": "CWE-798"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "OpenUI", "source": "cna", "vendor": "wandb"}, "product": "openui", "vendor": "wandb"}], "analysis": {"en": {"generated_at": "2026-03-28T10:21:12.299591+00:00", "value": {"mitigation_remediation": ["Verify the version of wandb OpenUI you are running and confirm if it is within the vulnerable range.", "If a newer, non\u2011vulnerable version exists, upgrade the application immediately.", "If upgrading is not feasible, restrict local access to the OpenUI service through firewall rules, network segmentation, or container isolation so that only trusted hosts can reach it.", "Monitor authentication logs for unusual credential usage or repeated access attempts that may indicate exploitation.", "Contact wandb support to request an official patch or further guidance on mitigations."], "summary": {"action": "Assess", "impact": "Credential Leakage"}, "threat_synthesis": {"affected_systems": "The affected product is wandb OpenUI. Versions up to and including 0.0.0.0/1.0 are impacted. No patch or upgrade path is currently available from the vendor.", "description_and_impact": "The vulnerability occurs when the LITELLM_MASTER_KEY argument in wandb OpenUI\u2019s config.py is manipulated, causing the application to store hard\u2011coded credentials that can be retrieved by a local attacker. This leads to a loss of confidentiality and the potential for local privilege escalation or unauthorized access to the service. The weakness is captured by CWE-259 (Hard\u2011coded Password) and CWE-798 (Use of Hard\u2011coded Credentials). The disclosed exploit is available to the public, and the vendor has not addressed it publicly.", "risk_and_exploitability": "The CVSS score of 4.8 indicates a medium severity problem. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires local access to the machine running the service and the vendor has not released a fix, the risk is limited to environments where the OpenUI component is exposed to potentially compromised local users or processes. The known exploit can be executed without additional external manipulation, and the lack of a remediation reduces the time window for detection to the interval between the disclosure and any future vendor response."}}}}, "created": "2026-03-29T20:32:39.626321+00:00", "updated": "2026-03-30T06:59:48.886486+00:00", "vendors": ["wandb", "wandb$PRODUCT$openui"]}