VYPR
Unrated severityNVD Advisory· Published Mar 7, 2026· Updated Mar 9, 2026

Wallos: SSRF via url parameter leading to File Traversal

CVE-2026-30828

Description

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2.

Affected products

2
  • Ellite/Wallosllm-fuzzy2 versions
    <4.6.2+ 1 more
    • (no CPE)range: <4.6.2
    • (no CPE)range: < 4.6.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.