CVE-2026-41644

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L                                    

Vulnerability Description

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream responses reflected back in the API error message. This issue has been patched in version 1.12.5.

Vulnerability Details

Published Date

April 22, 2026

Last Modified

May 11, 2026

CWE ID

CWE-209

Source

GitHub

Vendor

Product

github.com/monetr/monetr

External References

https://github.com/monetr/monetr/security/advisories/GHSA-29v9-frvh-c426
https://github.com/monetr/monetr/pull/3122
https://github.com/monetr/monetr/commit/c260caa3c573a4a396ec2d264c7641a5d958385b
https://github.com/monetr/monetr/releases/tag/v1.12.5
https://github.com/advisories/GHSA-29v9-frvh-c426

CVE-2026-41644

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment