CVE-2026-15557 | waooAI waoowaoo up to 0.4.1 Internal Task Header src/lib/api-auth.ts x-internal-user-id request improper authentication (Issue 200)
A vulnerability has been found in waooAI waoowaoo up to 0.4.1 and classified as critical. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This manipulation of the argument x-internal-user-id request causes improper authentication.
This vulnerability is registered as CVE-2026-15557. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More