CVE-2026-4992 is a cross-site scripting vulnerability identified in wandb OpenUI version 1.0, affecting the HTMLAnnotator component within the backend/openui/server.py file, specifically the create_share and get_share functions. The vulnerability arises from improper sanitization of the 'ID' argument, which can be manipulated remotely to inject arbitrary HTML content. This flaw allows an attacker to craft malicious URLs or payloads that, when processed by the vulnerable functions, execute injected scripts in the context of the victim's browser session. The attack vector is network-based, requiring no authentication but some user interaction to trigger the payload. The CVSS 4.0 score is 5.3 (medium), reflecting the moderate impact on confidentiality and integrity, with no impact on availability. The vendor was notified early but has not issued any response or patch, and no known exploits are actively observed in the wild, though proof-of-concept code has been published. The vulnerability's exploitation could lead to session hijacking, credential theft, or phishing attacks by leveraging the victim's trust in the application interface. The lack of vendor response and patch availability increases the risk exposure for organizations relying on this software.

The primary impact of CVE-2026-4992 is the potential compromise of user confidentiality and integrity through the execution of malicious scripts in the context of wandb OpenUI users. Attackers can exploit this vulnerability to steal session tokens, perform unauthorized actions on behalf of users, or deliver phishing payloads. While availability is not directly affected, the trustworthiness of the application interface is undermined, potentially leading to reputational damage. Organizations using wandb OpenUI 1.0, especially those exposing the affected component to external or untrusted users, face increased risk of targeted attacks. The lack of vendor patches prolongs exposure, and the published exploit code lowers the barrier for attackers to develop weaponized attacks. This vulnerability could be leveraged in multi-stage attacks, particularly in environments where wandb OpenUI is integrated with sensitive workflows or data visualization platforms.

Until an official patch is released, organizations should implement strict input validation and sanitization on the 'ID' parameter within the create_share and get_share functions to neutralize potentially malicious HTML content. Employing a web application firewall (WAF) with custom rules to detect and block suspicious payloads targeting these endpoints can reduce exploitation risk. Restricting access to the OpenUI interface to trusted internal networks or VPN users minimizes exposure to external attackers. Educate users to be cautious about clicking untrusted links related to wandb OpenUI shares. Monitoring logs for unusual requests or error patterns associated with these functions can help detect attempted exploitation. Consider deploying Content Security Policy (CSP) headers to limit the impact of any injected scripts. Engage with the vendor or community to track patch releases and apply updates promptly once available. If feasible, isolate or disable the vulnerable HTMLAnnotator component until remediation is possible.