PatchSiren

waooAI CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW waooAI CVE published 2026-07-13

CVE-2026-15594

A vulnerability was found in waooAI waoowaoo up to 0.4.1, impacting the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from remote and requires a high level of complexity. This vulnerability allows for improper authorization when the storage [truncated]