Vendor
A high-severity improper authentication vulnerability, CVE-2026-15557, exists in waooAI waoowaoo up to version 0.4.1, allowing remote attackers to bypass authentication and gain unauthorized access by manipulating the 'x-internal-user-id' request argument in the Internal Task Header Handler component, with a public exploit available.