PT-2026-57862 · Waooai · Waooai
Dem0000000
·
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-15594
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
waooAI waoowaoo versions prior to 0.4.2
Description
Improper authorization occurs in the Media Handler component due to the manipulation of the
storageKey argument within the stablePublicIdFromStorageKey() function located in the src/lib/media/hash.ts library. This issue allows a remote attacker to bypass authorization, although the attack requires a high level of complexity and is considered difficult to execute.Recommendations
As a temporary workaround, restrict the use of the
stablePublicIdFromStorageKey() function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Incorrect Privilege Assignment
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Waooai