CVE-2026-41689 - Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services
CVE ID: CVE-2026-41689
Published: May 7, 2026, 1:53 p.m. | 1 hour, 10 minutes ago
Description: Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for eve
ORIGINAL SOURCE → via CVE Feed Latest