8.8
Wallos: Malicious Actions Can Be Performed Via Notification Testers
CVE-2026-30840
Summary
A security issue in older versions of Wallos allows attackers to make unauthorized requests on behalf of the server. This could lead to sensitive data being accessed or modified. Update to version 4.6.2 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| wallosapp | wallos | <= 4.6.2 | – |
Original title
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patc...
Original description
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2.
nvd CVSS3.0
8.8
Vulnerability type
CWE-295
Improper Certificate Validation
CWE-918
Server-Side Request Forgery (SSRF)
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026