Is wger affected by CVE-2026-43977?

PyPI wger is affected in <=2.5.

Is CVE-2026-43977 being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

high

CVE-2026-43977

Q: Is CVE-2026-43977 being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

PyPI · wger

Summary

wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API

Severity: high
Also known as: GHSA-cj9g-27ph-4cgv
Published: 2026-05-14

References

https://github.com/wger-project/wger/security/advisories/GHSA-cj9g-27ph-4cgv
https://github.com/wger-project/wger

Related advisories

CVE-2026-43948 — critical · PyPI/wger
GHSA-mw8f-w6p8-xrf4 — high · PyPI/wger
CVE-2026-43978 — high · PyPI/wger
GHSA-xq9m-hmp9-fw87 — high · PyPI/wger
CVE-2026-40474 — high · PyPI/wger
GHSA-v25j-wqcw-fvhj — medium · PyPI/wger
GHSA-vqv8-j3mj-wjxj — medium · PyPI/wger
CVE-2026-40353 — medium · PyPI/wger

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.