CVE-2026-40474 | wger-project wger up to 2.4 Configuration config.change_gymconfig save access control

Inserito da Angelo Barbosa | Apr 17, 2026 | CVE

A vulnerability, which was classified as critical, was found in wger-project wger up to 2.4. This impacts the function Save of the file config.change_gymconfig of the component Configuration Handler. Such manipulation leads to improper access controls.

This vulnerability is documented as CVE-2026-40474. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-40474 | wger-project wger up to 2.4 Configuration config.change_gymconfig save access control

Post correlati

CVE-2024-20104 | MediaTek MT8676 Da out-of-bounds write (MSV-1772 / ALPS09073261)

CVE-2024-11429 | galdub Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Plugin Shortcode stars-testimonials-with-slider-and-masonry-grid filename control

CVE-2024-5360 | PHPGurukul Zoo Management System 2.1 foreigner-bwdates-reports-details.php fromdate sql injection

CVE-2024-22029 | Apache Tomcat up to 9.0.84 Local Privilege Escalation