VYPR
Unrated severityOSV Advisory· Published Jan 19, 2026· Updated Jan 20, 2026

Whisper Money has IDOR Vulnerability on sync/balances endpoint

CVE-2026-23844

Description

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.