CVE-2026-7142
Published:April 27, 2026
Updated:May 18, 2026
A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.13.3rc1 and 0.14.0 is sufficient to resolve this issue. This patch is called f7846fc0c323da8325422cab32623491757f1b88. The affected component should be upgraded.
Affected Packages
https://github.com/wooey/Wooey.git (GITHUB):
Affected version(s) >=v0.0.3 <v0.13.3rc1Fix Suggestion:
Update to version v0.13.3rc1wooey (PYTHON):
Affected version(s) >=0.0.1 <0.13.3rc1Fix Suggestion:
Update to version 0.13.3rc1wooey (PYTHON):
Affected version(s) >=0.0.1 <0.13.3Fix Suggestion:
Update to version 0.13.3Related Resources (10)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Exploit Maturity
PROOF-OF-CONCEPT
EPSS
Base Score:
0.05