Browse all 6 CVE security advisories affecting wger-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The wger-project is a fitness management platform that lets users track workouts, nutrition, and weight progress. Historically, it has been susceptible to multiple vulnerability classes, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, with six CVEs documented. These vulnerabilities often stem from insufficient input validation and improper access controls in its web interface. The project is open source and receives regular security updates, though its widespread deployment in fitness environments calls for ongoing vigilance against exploitation. No major security incidents have been widely reported, but the presence of multiple CVEs indicates consistent security challenges that implementers need to mitigate proactively.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40474 | wger has Broken Access Control in the Global Gym Configuration Update Endpoint | wger | CWE-284 | 7.6 | High | 2026-04-17 |
| CVE-2026-40353 | wger: Stored XSS via Unescaped License Attribution Fields | wger | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-17 |
| CVE-2026-27839 | wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup | wger | CWE-639 | 4.3 | Medium | 2026-02-26 |
| CVE-2026-27838 | wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data | wger | CWE-639 | 3.1 | Low | 2026-02-26 |
| CVE-2026-27835 | wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data | wger | CWE-639 | 4.3 | Medium | 2026-02-26 |
| CVE-2022-2650 | Improper Restriction of Excessive Authentication Attempts in wger-project/wger | wger-project/wger | CWE-307 | 9.8 | - | 2022-11-24 |
This page lists every published CVE security advisory associated with wger-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.