CVE-2026-30840

NONE EPSS 38.8%
Published Mar 7, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2.

Threat Intelligence

EPSS Exploit Probability
38.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-295
CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor      Product   Version   Range
wallosapp   wallos    *         <4.6.2

References 3

  • github.com https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d
    Patch
  • github.com https://github.com/ellite/Wallos/releases/tag/v4.6.2
    Release Notes
  • github.com https://github.com/ellite/Wallos/security/advisories/GHSA-mr2c-prqv-hqm8
    Exploit, Mitigation, Vendor Advisory

Remediation

  • github.com https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d
    Patch