CVE-2026-41687 — Server-Side Request Forgery
CVE-2026-41687 — Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40) uses an inline IP validation check (FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_
What This Means For You
- If your environment is affected by CWE-918, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-41687 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41687 | vulnerability | CVE-2026-41687 |
| CWE-918 | weakness | CWE-918 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 07, 2026 at 18:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-44264 — Weblate is a web based localization tool. Prior to version
CVE-2026-44264 — Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't...
CVE-2026-44263 — Weblate is a web based localization tool. Prior to version
CVE-2026-44263 — Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of...
gnutls CVE-2026-42011: Certificate Validation Bypass Poses MITM Risk
CVE-2026-42011 — A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had...