wireapp — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting wireapp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wire is an enterprise-grade secure messaging platform designed for encrypted communication among organizations, prioritizing data sovereignty and compliance. With 28 recorded Common Vulnerabilities and Exposures (CVEs), its security history reflects typical web application risks rather than fundamental architectural flaws. The majority of these issues involve cross-site scripting (XSS), SQL injection, and improper access control mechanisms, indicating that most vulnerabilities stem from implementation errors in client-side interfaces or backend API handlers rather than core cryptographic failures. Notably, the platform has not suffered any major public breaches compromising user message content, suggesting that its end-to-end encryption model remains robust against external attacks. However, the frequency of CVEs highlights the ongoing challenge of maintaining rigorous code quality in complex collaborative software. Administrators must prioritize regular patching to mitigate these common exploitation vectors, ensuring that the theoretical security benefits of the platform are preserved in practice.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-49846 | wire-ios accidentally logs message contents | wire-ios | CWE-117 | 4.6 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-48066 | wire-webapp has no database deletion on client logout | wire-webapp | CWE-226 | 6.0 | Medium | 2025-05-22 |
| CVE-2025-48061 | wire-webapp Has Insufficient Session Invalidation after User Logout | wire-webapp | CWE-613 | 5.6 | Medium | 2025-05-22 |
| CVE-2023-48221 | wire-avs remote format string vulnerability | wire-avs | CWE-134 | 7.3 | High | 2023-11-20 |
| CVE-2023-22737 | wire-server vulnerable to unauthorized removal of Bots from Conversations | wire-server | CWE-862 | 6.5 | Medium | 2023-01-27 |
| CVE-2022-39380 | wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering | wire-webapp | CWE-755 | 5.3 | Medium | 2023-01-27 |
| CVE-2022-31122 | Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation | wire-server | CWE-287 | 9.8 | Critical | 2022-10-18 |
| CVE-2022-29168 | Cross Site Scripting in Wire Messages | wire-webapp | CWE-79 | 9.6 | Critical | 2022-06-25 |
| CVE-2022-31009 | DoS vulnerability: Invalid Accent Colors | wire-ios | CWE-617 | 5.7 | Medium | 2022-06-23 |
| CVE-2022-24799 | Cross Site Scripting in Wire Webapp | wire-webapp | CWE-79 | 9.6 | Critical | 2022-04-20 |
| CVE-2021-41119 | DoS vulnerability in wire-server json parser | wire-server | CWE-400 | 5.3 | Medium | 2022-04-13 |
| CVE-2022-23610 | Improper Verification of Cryptographic Signature in wire-server | wire-server | CWE-347 | 9.1 | Critical | 2022-03-16 |
| CVE-2022-23625 | DoS vulnerability: Malformed Resource Identifiers | wire-ios | CWE-755 | 6.5 | Medium | 2022-03-11 |
| CVE-2021-41193 | Use of Externally-Controlled Format String in wire-avs | wire-avs | CWE-134 | 9.8 | Critical | 2022-03-01 |
| CVE-2022-23605 | Expired Ephemeral Messages not reliably removed in wire-webapp | wire-webapp | CWE-212 | 4.4 | Medium | 2022-02-04 |
| CVE-2021-41100 | Account takeover when having only access to a user's short lived token in wire-server | wire-server | CWE-285 | 7.4 | High | 2021-10-04 |
| CVE-2021-41094 | Mandatory encryption at rest can be bypassed (UI) in Wire app | wire-ios | CWE-668 | 4.2 | Medium | 2021-10-04 |
| CVE-2021-41093 | Account takeover when having only access to a user's short lived token | wire-ios | CWE-285 | 7.4 | High | 2021-10-04 |
| CVE-2021-41101 | CORS `Access-Control-Allow-Origin` settings are too lenient | wire-server | CWE-79 | 5.7 | Medium | 2021-09-30 |
| CVE-2021-32755 | Certificate pinning is not enforced on the web socket connection | wire-ios-transport | CWE-295 | 5.4 | Medium | 2021-07-13 |
| CVE-2021-32683 | XSS through createObjectURL | wire-webapp | CWE-79 | 8.8 | High | 2021-06-15 |
| CVE-2021-21382 | Unsafe loopback forwarding interface in Restund | restund | CWE-668 | 8.6 | High | 2021-06-11 |
| CVE-2021-32666 | Asset DoS vulnerability | wire-ios | CWE-20 | 6.5 | Medium | 2021-06-03 |
| CVE-2021-32665 | Verified groups not reliable | wire-ios | CWE-345 | 8.8 | High | 2021-06-03 |
| CVE-2021-21400 | Entering code in App Lock modal sends input to conversation | wire-webapp | CWE-200 | 7.1 | High | 2021-04-02 |
| CVE-2021-21396 | Bulk list client endpoint exposes too much metadata about a client | wire-server | CWE-200 | 6.5 | Medium | 2021-03-26 |
| CVE-2021-21301 | Video feed was captured while user has disabled video | wire-ios | CWE-200 | 2.6 | Low | 2021-02-11 |
| CVE-2020-15258 | Insecure use of shell.openExternal in Wire | wire-desktop | CWE-20 | 8.0 | High | 2020-10-16 |

This page lists every published CVE security advisory associated with wireapp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.