Skip to main content

Wrangler

4 CVEs product

Monthly

CVE-2026-0933 npm CRITICAL PATCH Act Now

Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.

Command Injection Wrangler Cloudflare
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2023-7080 npm HIGH PATCH This Week

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE SSRF Wrangler
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-7079 npm MEDIUM PATCH This Month

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-3348 npm MEDIUM PATCH This Month

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.

Command Injection Wrangler Cloudflare
NVD GitHub
EPSS 1% CVSS 8.0
HIGH PATCH This Week

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE SSRF +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Wrangler
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wrangler
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy