Weak Hash Vulnerability in WandB Artifact Integrity Validation Module
CVE-2026-15605
2.3LOW
What is CVE-2026-15605?
A vulnerability has been identified in the WandB library, specifically in the Artifact Integrity Validation functionality. The flaw resides in the function ArtifactManifestEntry.download, which utilizes a weak hashing method, potentially exposing the system to manipulation. This vulnerability poses a significant risk as it could allow attackers to exploit the component, although executing an attack requires a high level of complexity. Efforts to resolve this issue have been initiated, with a patch awaiting approval to strengthen the hashing mechanism and mitigate potential repercussions.
Affected Version(s)
wandb 0.25.2.dev1
