CVE-2026-30840

Summary

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2.

Affected Software

VendorProductVersion RangeStatus
elliteWallos< 4.6.2affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)
  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References