PatchSiren

wandb CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW wandb CVE published 2026-07-13

CVE-2026-15605

A security vulnerability has been detected in wandb 0.25.2.dev1, specifically in the ArtifactManifestEntry.download function within the wandb/sdk/lib/hashutil.py file, which is part of the Artifact Integrity Validation component. The issue involves the use of a weak hash. The attack may be initiated remotely, but a high degree of complexity is needed, and exploitability is considered difficult. A pull req [truncated]