VYPR
Medium severity · 4.3 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 29, 2026

CVE-2026-4992

Description

A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated HTML injection in wandb OpenUI's share functionality allows stored XSS leading to session hijacking and account takeover.

Vulnerability

Overview

A flaw in wandb OpenUI up to version 1.0 allows unauthenticated HTML injection via the create_share and get_share endpoints in backend/openui/server.py. The id argument is not validated, and the application fails to sanitize HTML input before saving or rendering it. This enables an attacker to inject arbitrary HTML or JavaScript into shared components [1].

Attack

Vector

The attack is performed remotely without authentication. The share endpoints lack the authentication middleware, unlike other endpoints such as chat_completions, which verify the user session. An attacker can craft a request to create or overwrite a shared component by supplying a malicious html field in the JSON payload. The id parameter is attacker-controlled, allowing overwrite of any existing share by guessing or knowing the ID [1].

Impact

When a victim views the compromised share link, the injected script executes within an iframe whose sandbox includes the allow-same-origin flag. This allows the script to access parent.document.cookie, exposing the victim's session token. Successful exploitation leads to session hijacking and full account takeover [1].

Mitigation

The vendor was contacted but did not respond. No official patch is available as of the publication date. Users should restrict access to the OpenUI instance or implement external authentication and input sanitization until a fix is available [1].
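The mitigation above is stated only in general terms. As an added example (not OpenUI's own code and not taken from backend/openui/server.py), the framework-independent Python below shows the three defences that the Attack and Impact sections imply: the share endpoints check the user session the way chat_completions is said to, the share id is generated server-side so a client cannot choose or overwrite one, and the stored HTML is rendered in a sandboxed iframe without allow-same-origin so script inside it cannot reach parent.document.cookie. The SHARES in-memory store, the session dict shape and the response dicts are assumptions made for this illustration.

```python
"""Hardened create_share/get_share logic for an HTML-annotator share feature.

Added example, not OpenUI's code. Plain functions stand in for HTTP handlers
so the file runs offline; SHARES, the session dict and the response dicts are
assumptions for this illustration.
"""
import html
import re
import secrets
from typing import Optional

# Share ids are minted from a CSPRNG, never read from the request, so a client
# can neither pick a guessable id nor overwrite another user's share.
SHARE_ID_RE = re.compile(r"^[A-Za-z0-9_-]{22}$")   # shape of token_urlsafe(16)
SHARES: dict = {}                                   # constructed in-memory store
MAX_HTML_BYTES = 256 * 1024


def new_share_id() -> str:
    """16 random bytes -> 22 URL-safe characters."""
    return secrets.token_urlsafe(16)


def is_valid_share_id(share_id: str) -> bool:
    """Reject anything that is not a server-minted id (paths, blanks, etc.)."""
    return isinstance(share_id, str) and SHARE_ID_RE.fullmatch(share_id) is not None


def create_share(session: Optional[dict], payload: dict) -> dict:
    """Store caller-supplied HTML under a fresh id; requires a logged-in user."""
    user = session.get("user") if session else None
    if not user:
        return {"status": 401, "body": "authentication required"}
    body = payload.get("html")
    if not isinstance(body, str):
        return {"status": 400, "body": "html must be a string"}
    if len(body.encode("utf-8")) > MAX_HTML_BYTES:
        return {"status": 413, "body": "html too large"}
    share_id = new_share_id()          # payload["id"], if present, is ignored
    SHARES[share_id] = {"owner": user, "html": body}
    return {"status": 201, "body": {"id": share_id}}


def get_share(share_id: str) -> dict:
    """Return a viewer page that embeds the stored HTML in a sandboxed iframe.

    The untrusted body is HTML-escaped into the srcdoc attribute, and the
    sandbox list omits allow-same-origin, so the frame runs in an opaque
    origin: its scripts cannot read the embedding page's cookies or DOM.
    """
    if not is_valid_share_id(share_id):
        return {"status": 400, "body": "malformed share id"}
    share = SHARES.get(share_id)
    if share is None:
        return {"status": 404, "body": "unknown share"}
    viewer = (
        "<!doctype html><html><body>"
        '<iframe sandbox="allow-scripts" srcdoc="'
        + html.escape(share["html"], quote=True)
        + '"></iframe></body></html>'
    )
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return {"status": 200, "headers": headers, "body": viewer}


def session_cookie_header(token: str) -> str:
    """Defence in depth: an HttpOnly cookie is invisible to document.cookie."""
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    # Constructed request: the html field carries a script, as an attacker's would.
    created = create_share({"user": "alice"}, {"html": "<b>hi</b><script>alert(1)</script>"})
    print(created)
    print(get_share(created["body"]["id"])["body"])
```

Because the share id never comes from the client, the overwrite-by-id path described in the Attack section disappears without any lookup-time check; and because the iframe lacks allow-same-origin, injected script still runs (the feature needs that) but in an origin that has no access to the victim's session.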

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (1)

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (4)

News mentions (0)

No linked articles in our index yet.