CVE-2026-15594 | waooAI waoowaoo up to 0.4.1 Media src/lib/media/hash.ts stablePublicIdFromStorageKey storageKey improper authorization (Issue 201)

SecurityVulns

A vulnerability labeled as problematic has been found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization.

This vulnerability was named CVE-2026-15594. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More