CVE-2026-30828

UNKNOWN 0.0

Wallos: SSRF via url parameter leading to File Traversal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, the url parameter can be used to retrieve local system files. This issue has been patched in version 4.6.2.

CWE	CWE-29 CWE-22 CWE-918
Vendor	ellite
Product	wallos
Published	Mar 7, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for ellite wallos

Be the first to know when new unknown vulnerabilities affecting ellite wallos are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ellite / Wallos

< 4.6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ellite/Wallos/security/advisories/GHSA-p7qj-669r-grvc github.com: https://github.com/ellite/Wallos/commit/e8a513591dbbf885966e2ef55c38622785b9060d github.com: https://github.com/ellite/Wallos/releases/tag/v4.6.2