CVE-2026-15605
2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
Summary
A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The pull request to fix this issue awaits acceptance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | wandb | 0.25.2.dev1 | affected |
Weaknesses
- CWE-328: Use of Weak Hash
- CWE-327: Risky Cryptographic Algorithm
References
- https://vuldb.com/vuln/378114
- https://vuldb.com/vuln/378114/cti
- https://vuldb.com/cve/CVE-2026-15605
- https://vuldb.com/submit/855675
- https://github.com/wandb/wandb/issues/12030
- https://github.com/wandb/wandb/pull/12031
- https://github.com/wandb/wandb/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.