CVE-2026-23844 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create accoun…
Medium CVSS: 4.9

CVE-2026-23844

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.
Vendor
Whisper.money
Product
Whisper Money
CWE
CWE-488
Yayın Tarihi
2026-01-19 21:15:51
Güncelleme
2026-02-05 18:49:26
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-488 Whisper Money MEDIUM Whisper.money 2026

Referanslar

https://github.com/whisper-money/whisper-money/commit/80117c3edeaf5c5a5166f3815fc555a15b5ce686 https://github.com/whisper-money/whisper-money/pull/60 https://github.com/whisper-money/whisper-money/security/advisories/GHSA-c4g3-wpxr-2m74