Skip to content
Threat Feed

Tag

CVE-2026-43978

1 brief RSS
high advisory

wger Trainer Login Privilege Escalation Vulnerability

A gym trainer in wger (<= 2.5) can escalate privileges to a gym manager by chaining calls to the trainer-login endpoint due to a flawed permission check, as tracked by CVE-2026-43978.

wger privilege-escalation web-application CVE-2026-43978
2r 1t