A vulnerability classified as critical was found in wger-project wger up to 2.5 . Impacted is the function reset_user_password/gym_permissions_user_edit of the component Response Body Handler . Executing a manipulation can lead to incorrect authorization. This vulnerability is tracked as CVE-2026-43948 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.