{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33401", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-19T17:02:34.170Z", "datePublished": "2026-03-24T17:58:47.336Z", "dateUpdated": "2026-03-24T18:11:38.820Z"}, "containers": {"cna": {"title": "Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/ellite/Wallos/security/advisories/GHSA-r82v-p8cg-rgx3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ellite/Wallos/security/advisories/GHSA-r82v-p8cg-rgx3"}, {"name": "https://github.com/ellite/Wallos/commit/e87387f0ebb540cd33e6dfda7181db9db650ecef", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellite/Wallos/commit/e87387f0ebb540cd33e6dfda7181db9db650ecef"}, {"name": "https://github.com/ellite/Wallos/commit/e8a513591", "tags": ["x_refsource_MISC"], "url": "https://github.com/ellite/Wallos/commit/e8a513591"}], "affected": [{"vendor": "ellite", "product": "Wallos", "versions": [{"version": "< 4.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T17:58:47.336Z"}, "descriptions": [{"lang": "en", "value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0."}], "source": {"advisory": "GHSA-r82v-p8cg-rgx3", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T18:11:06.760588Z", "id": "CVE-2026-33401", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:11:38.820Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33401", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T18:11:06.760588Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T18:11:30.124Z"}}], "cna": {"title": "Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php", "source": {"advisory": "GHSA-r82v-p8cg-rgx3", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ellite", "product": "Wallos", "versions": [{"status": "affected", "version": "< 4.7.0"}]}], "references": [{"url": "https://github.com/ellite/Wallos/security/advisories/GHSA-r82v-p8cg-rgx3", "name": "https://github.com/ellite/Wallos/security/advisories/GHSA-r82v-p8cg-rgx3", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ellite/Wallos/commit/e87387f0ebb540cd33e6dfda7181db9db650ecef", "name": "https://github.com/ellite/Wallos/commit/e87387f0ebb540cd33e6dfda7181db9db650ecef", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ellite/Wallos/commit/e8a513591", "name": "https://github.com/ellite/Wallos/commit/e8a513591", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-24T17:58:47.336Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33401", "state": "PUBLISHED", "dateUpdated": "2026-03-24T18:11:38.820Z", "dateReserved": "2026-03-19T17:02:34.170Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-24T17:58:47.336Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wallosapp:wallos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7376DD5F-C93E-4454-810B-DE04B2DE7032", "versionEndExcluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0."}, {"lang": "es", "value": "Wallos es un rastreador de suscripciones personales de c\u00f3digo abierto y autoalojable. Antes de la versi\u00f3n 4.7.0, el parche introducido en el commit e8a513591 (CVE-2026-30840) a\u00f1adi\u00f3 protecci\u00f3n SSRF a los puntos finales de prueba de notificaci\u00f3n, pero dej\u00f3 tres superficies de ataque adicionales desprotegidas: el par\u00e1metro de host de AI Ollama, el punto final de recomendaciones de AI y el trabajo cron de notificaci\u00f3n. Un usuario autenticado puede alcanzar servicios de red internos, puntos finales de metadatos en la nube (AWS IMDSv1, GCP, Azure IMDS) o servicios vinculados a localhost al proporcionar una URL manipulada a cualquiera de estos puntos finales. Este problema ha sido parcheado en la versi\u00f3n 4.7.0."}], "id": "CVE-2026-33401", "lastModified": "2026-03-26T20:49:04.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-24T18:16:11.467", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ellite/Wallos/commit/e87387f0ebb540cd33e6dfda7181db9db650ecef"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ellite/Wallos/commit/e8a513591"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/ellite/Wallos/security/advisories/GHSA-r82v-p8cg-rgx3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.7.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Wallos", "source": "cna", "vendor": "ellite"}, "product": "wallos", "vendor": "ellite"}], "analysis": {"en": {"generated_at": "2026-03-24T20:52:25.328045+00:00", "value": {"mitigation_remediation": ["Update Wallos to version 4.7.0 or later", "If an update is not possible, disable or restrict the AI host parameter, AI recommendations endpoint, and notification cron job until a patch is applied", "Limit outbound network traffic from the Wallos instance to trusted destinations", "Monitor application logs for unexpected outbound HTTP requests to internal or metadata addresses"], "summary": {"action": "Patch", "impact": "Internal Network Access"}, "threat_synthesis": {"affected_systems": "Ellite Wallos installations running any version before 4.7.0 are vulnerable. The specific unprotected interfaces are the AI Ollama host setting, the AI recommendations endpoint, and the scheduled notification task. Version 4.7.0 and later include the complete protection for these surfaces.", "description_and_impact": "Wallos contains an incomplete patch for a prior Server\u00a0Side Request Forgery flaw. An authenticated user can submit a crafted URL to the AI Ollama host parameter, the AI recommendations endpoint, or the notification cron job. The application will then issue HTTP requests to arbitrary internal IPs, cloud\u2011metadata services, or localhost services, allowing the attacker to gain access to internal resources and potentially pivot to further attacks. The vulnerability does not provide direct code execution on the host but enables information disclosure and lateral movement within the network.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.1, indicating high severity. The likelihood of exploitation is uncertain because the EPSS value is not publicly available. The flaw is not listed in the CISA KEV catalog. The attack vector is an authenticated user who can supply a malicious URL to the affected endpoints, which can be exploited when the application has outbound network connectivity to internal or cloud\u2011metadata targets. When such connectivity exists, the risk of sensitive data exposure or subsequent internal attacks is elevated, warranting prompt remediation."}}}}, "created": "2026-03-25T11:46:51.308274+00:00", "updated": "2026-03-25T20:49:36.484502+00:00", "vendors": ["ellite", "ellite$PRODUCT$wallos"]}