Weak Hash Vulnerability in WandB Artifact Integrity Validation Module
CVE-2026-15605

2.3LOW

Key Information:

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-15605?

A vulnerability has been identified in the WandB library, specifically in the Artifact Integrity Validation functionality. The flaw resides in the function ArtifactManifestEntry.download, which utilizes a weak hashing method, potentially exposing the system to manipulation. This vulnerability poses a significant risk as it could allow attackers to exploit the component, although executing an attack requires a high level of complexity. Efforts to resolve this issue have been initiated, with a patch awaiting approval to strengthen the hashing mechanism and mitigate potential repercussions.

Affected Version(s)

wandb 0.25.2.dev1

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dem0000000 (VulDB User)
VulDB CNA Team
.