Executive Summary

CVE-2026-4994 is a vulnerability in the wandb OpenUI Python package affecting the generic_exception_handler function in backend/openui/server.py. The issue arises because raw Python exception strings are directly embedded into JSON error responses without proper sanitization. This causes sensitive internal information, such as Python exception types, module paths, code structure, and upstream API keys, to be exposed to authenticated users.

The vulnerability can be triggered by sending malformed requests, for example, to the /v1/chat/completions endpoint without required fields, which causes unhandled exceptions to be caught by the generic handler and leaked in error messages. Additionally, error messages from upstream LLM SDKs are forwarded verbatim to clients, potentially exposing full or partial API keys.

Other affected components include the OAuth callback handler, which sets raw exception strings as browser cookie values, and the Ollama streaming handler, which yields raw exception strings over Server-Sent Events. In local deployment modes, any attacker with access to the local network can exploit this without explicit authentication.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to significant information disclosure and credential exposure. Attackers can obtain detailed internal server information such as Python exception types, filesystem paths, database schema details, and Python package versions.

More critically, it can leak upstream LLM provider API keys in error messages, which may allow attackers to misuse these credentials for unauthorized access or further attacks.

The exposed information can aid attackers in reconnaissance and facilitate more sophisticated attacks against the system or its infrastructure.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending crafted requests to the wandb OpenUI API endpoints and observing if detailed error messages exposing internal server information or API keys are returned.

A simple test is to send a request to the /v1/chat/completions endpoint without the required 'model' field, which triggers an AttributeError that is exposed in the error response.

Proof-of-concept commands include obtaining a session cookie and then triggering the error by omitting the 'model' field or by requesting a model with a misconfigured upstream API key to observe if sensitive information is leaked.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability leads to information disclosure, including exposure of internal Python exception details and upstream API keys, which can be considered sensitive information.

Exposure of such sensitive data could potentially violate data protection regulations like GDPR or HIPAA, which require safeguarding of personal and sensitive information against unauthorized access or disclosure.

Specifically, leaking API keys and internal system information may increase the risk of unauthorized access or further exploitation, undermining compliance with security and privacy requirements mandated by these standards.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the vulnerability in wandb OpenUI, immediate steps include restricting access to the local network to prevent unauthorized attackers from exploiting the information disclosure.

Avoid sending malformed requests that trigger the generic exception handler, such as requests missing required fields like the 'model' field in the /v1/chat/completions endpoint.

Monitor and limit exposure of upstream LLM provider API keys, as these can be leaked in error messages if the keys are rejected or misconfigured.

Since no patched versions are specified, consider implementing custom error handling to avoid exposing raw exception strings in responses, cookies, or server-sent events.

If possible, deploy the application in a more restrictive environment or behind additional security layers such as firewalls or VPNs to limit network adjacency.

Useful 0 Not Useful 0