CVE-2026-43948 | wger-project wger up to 2.5 Response Body reset_user_password/gym_permissions_user_edit authorization

A vulnerability classified as critical was found in wger-project wger up to 2.5. Impacted is the function reset_user_password/gym_permissions_user_edit of the component Response Body Handler. Executing a manipulation can lead to incorrect authorization.

This vulnerability is tracked as CVE-2026-43948. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More