What is CVE-2026-7142?

CVE-2026-7142 is a medium-severity vulnerability in Wooey, classified under Incorrect Privilege Assignment. CVSS score: 6.3/10. Published 2026-04-27.

How severe is CVE-2026-7142?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Auth bypass in Wooey

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It…

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

N/a Wooey — versions 0.13.0, 0.13.1, 0.13.2

Weakness classification (CWE)

References

VDB-359741 | Wooey API Endpoint scripts.py add_or_update_script improper authorization (technical-description, vdb-entry)
VDB-359741 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #801533 | wooey Wooey 0.13.3-dev Code Injection (third-party-advisory)
cna@vuldb.com (issue-tracking, exploit)
cna@vuldb.com (issue-tracking, patch)
cna@vuldb.com (patch)
cna@vuldb.com (patch)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-7142?: CVE-2026-7142 is a medium-severity vulnerability in Wooey, classified under Incorrect Privilege Assignment. CVSS score: 6.3/10. Published 2026-04-27.
How severe is CVE-2026-7142?: Medium severity. CVSS v3 base score is 6.3 out of 10.