CVE-2026-4994

LOW 3.5

wandb OpenUI APIStatusError server.py generic_exception_handler information exposure

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

3th

A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error message. Access to the local network is required for this attack. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-209 CWE-200
Vendor	wandb
Product	openui
Published	Mar 28, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for wandb openui

Be the first to know when new low vulnerabilities affecting wandb openui are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

wandb / OpenUI

1.0 3.5-turb

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.353881 vuldb.com: https://vuldb.com/?ctiid.353881 vuldb.com: https://vuldb.com/?submit.778266 gist.github.com: https://gist.github.com/YLChen-007/8c6ff147186855e4b716e7526de213e1

Credits

🔍 Eric-b (VulDB User) VulDB