PT-2026-57862 · Waooai · Waooai

Dem0000000

·

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-15594

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions waooAI waoowaoo versions prior to 0.4.2
Description Improper authorization occurs in the Media Handler component due to the manipulation of the storageKey argument within the stablePublicIdFromStorageKey() function located in the src/lib/media/hash.ts library. This issue allows a remote attacker to bypass authorization, although the attack requires a high level of complexity and is considered difficult to execute.
Recommendations As a temporary workaround, restrict the use of the stablePublicIdFromStorageKey() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15594

Affected Products

Waooai