CVE Tools
Home/Vulnerability/CVE-2026-7142

CVE-2026-7142

Wooey API Endpoint scripts.py add_or_update_script improper authorization

Published: Apr 27, 2026Updated: Apr 27, 2026 Sources: CVE List NVD
NVD MITRE
6.3CVSS
MEDIUM

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function add_or_update_script of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.13.3rc1 and 0.14.0 is sufficient to resolve this issue. This patch is called f7846fc0c323da8325422cab32623491757f1b88. The affected component should be upgraded.

EPSS Score
N/A
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
No Fix Available

CVSS Vector Breakdown

AV:NAC:LPR:LUI:NS:UC:LI:LA:L
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:LAvailability
Low

Weaknesses

CWE-266CWE-285

Affected Products

Wooey
n/a

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

References

https://vuldb.com/vuln/359741
vuldb.com
https://vuldb.com/vuln/359741/cti
vuldb.com
https://vuldb.com/submit/801533
vuldb.com
and 5 more references View all →

Timeline

Published
Apr 27, 2026
Last Updated
Apr 27, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-7142 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
AI-powered analysis
Plain-language impact assessment and exploitation scenario
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows