CVE-2026-4993

LOW CVSS 3.3 View on NVD ↗

Description

A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

https://gist.github.com/YLChen-007/3bf37486022d4c57caec3a35cd79ac92
https://vuldb.com/?ctiid.353880
https://vuldb.com/?id.353880
https://vuldb.com/?submit.778265

Published: Mar 28, 2026 10:16 UTC Modified: Mar 28, 2026 10:16 UTC