CVE-2026-43977
Summary (CVE-2026-43977) : In wger, versions prior to 2.6 expose an IDOR: any authenticated user can read another user’s private workout data via /logs/ and /stats/ on a routine, because RoutinePermission incorrectly treats is_template=True as readable and RoutineViewSet actions return the owner’...