Package impact
PIP / wger
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43948 | critical | 9.9 | 9.9 | 15d ago | wger: cross-tenant password reset and plaintext disclosure via gym=None bypass | |
| CVE-2026-43978 | high | — | 8.0 | 14d ago | wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager | |
| CVE-2026-43977 | high | — | 8.0 | 14d ago | wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API |