CVE-2026-15605 PUBLISHED

wandb Artifact Integrity Validation hashutil.py ArtifactManifestEntry.download weak hash

Assigner: VulDB
Reserved: 13.07.2026 Published: 13.07.2026 Updated: 14.07.2026

A security vulnerability has been detected in wandb 0.25.2.dev1. Affected is the function ArtifactManifestEntry.download in the library wandb/sdk/lib/hashutil.py of the component Artifact Integrity Validation. The manipulation leads to use of weak hash. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The pull request to fix this issue awaits acceptance.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
CVSS Score: 2.3

Product Status

Vendor n/a
Product wandb
Versions
  • Version 0.25.2.dev1 is affected

Credits

  • Dem0000000 (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Use of Weak Hash CWE
  • Risky Cryptographic Algorithm CWE