CVE-2026-30840

High CVSS: 8.8

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2.

Vendor

Wallosapp

Product

Wallos

CWE

CWE-295

Yayın Tarihi

2026-03-07 06:16:11

Güncelleme

2026-03-11 18:32:29

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-295 Wallos HIGH Wallosapp 2026

Referanslar

https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d https://github.com/ellite/Wallos/releases/tag/v4.6.2 https://github.com/ellite/Wallos/security/advisories/GHSA-mr2c-prqv-hqm8

Benzer Kayıtlar

Medium

CVE-2026-33417

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in…

High

CVE-2026-33399

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in v…

Medium

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scrip…

High

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c…

High

CVE-2026-33407

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, Wallos endpoints/logos/se…

Medium

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.…