PT-2026-27948

Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...

@astrojs/cloudflare (=0.4.0), @cfpreview/pages-e2e-test-runner-cli (>=0.0.1 <=0.0.8) +20 more potentially affected by CVE-2026-0933 via wrangler (>=2.0.23 <=3.114.1)

wrangler NPM version =2.0.23, =0.0.1, =1.0.387, =0.5.41, =2.1.0, =0.0.0-next-20230221055802, =1.0.0, =0.0.3, =0.0.47, =1.0.0, =1.0.0, =0.1.1, =0.1.106 and more Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

@abuiles/vite-plugin (>=1.8.0 <=1.10.0), @anyauth/design-system (>=0.5.0 <=0.5.1) +13 more potentially affected by CVE-2026-0933 via wrangler (>=4.0.0 <=4.59.0)

wrangler NPM version =4.0.0, =1.8.0, =0.5.0, =12.6.6, =0.1.11, =0.8.0, =0.2.0, =0.0.0, =0.0.0-snapshot-00ab90b686754a33aa500cf83291fab93d5b82d9, =1.0.6, =1.7.8, =0.0.5, =0.1.0, =4.1.11, =6.3.1 Source cves: CVE-2026-0933 Source advisory: OSV:GHSA-36P8-MVP6-CV38...

@astrojs/cloudflare (=0.4.0), @cfpreview/pages-e2e-test-runner-cli (>=0.0.1 <=0.0.8) +20 more potentially affected by CVE-2026-0933 via wrangler (>=2.0.23 <=3.114.1)

wrangler NPM version =2.0.23, =0.0.1, =1.0.387, =0.5.41, =2.1.0, =0.0.0-next-20230221055802, =1.0.0, =0.0.3, =0.0.47, =1.0.0, =1.0.0, =0.1.1, =0.1.106 and more Source cves: CVE-2026-0933 Source advisory: SNYK:JS-WRANGLER-15046269...

@abuiles/vite-plugin (>=1.8.0 <=1.10.0), @anyauth/design-system (>=0.5.0 <=0.5.1) +13 more potentially affected by CVE-2026-0933 via wrangler (>=4.0.0 <=4.59.0)

wrangler NPM version =4.0.0, =1.8.0, =0.5.0, =12.6.6, =0.1.11, =0.8.0, =0.2.0, =0.0.0, =0.0.0-snapshot-00ab90b686754a33aa500cf83291fab93d5b82d9, =1.0.6, =1.7.8, =0.0.5, =0.1.0, =4.1.11, =6.3.1 Source cves: CVE-2026-0933 Source advisory: SNYK:JS-WRANGLER-15046269...

EUVD-2023-0535

Malicious code in bioql PyPI...

managed-component-to-cloudflare-worker (=1.5.2) potentially affected by CVE-2023-7080 via wrangler (=2.0.23)

wrangler NPM version =2.0.23 is affected by a known vulnerability. The following packages have a transitive dependency on wrangler and may be impacted: - managed-component-to-cloudflare-worker =1.5.2 Source cves: CVE-2023-7080 Source advisory: OSV:GHSA-F8MP-X433-5WPF...

@0xclearview/svelte-tiny-virtual-table (>=0.0.1 <=0.0.4), @arc-dev/cli (>=0.0.2-alpha.7 <=0.0.2-alpha.27) +115 more potentially affected by CVE-2023-7080 via wrangler (>=3.100.0 <=3.18.0)

wrangler NPM version =3.100.0, =0.0.1, =0.0.2-alpha.7, =0.0.0-ast-20240419160649, =0.0.1, =1.0.0, =0.12.0, =0.12.0, =0.12.0, =0.12.0, =0.12.0, =0.13.12, =10.3.0, =1.0.166, =1.0.411 and more Source cves: CVE-2023-7080 Source advisory: OSV:GHSA-F8MP-X433-5WPF...

Command injection

A Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 a...

PT-2023-1492 · Suse · Suse Rancher Wrangler

Name of the Vulnerable Software and Affected Versions: SUSE Rancher wrangler versions 0.7.3 and prior versions SUSE Rancher wrangler versions 0.8.4 and prior versions SUSE Rancher wrangler versions 1.0.0 and prior versions Description: A command injection vulnerability exists in the Wrangler Git...