{"data":{"id":"1ebde2e0-f598-4ff7-9089-d8a6210f73fd","title":"CVE-2026-33401: Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in c","summary":"Wallos, an open-source tool for tracking subscriptions that users can run on their own servers, had incomplete server-side request forgery (SSRF) protections in versions before 4.7.0. A logged-in attacker could bypass these protections by sending specially crafted URLs to three different features (AI Ollama settings, AI recommendations, and notification scheduling), causing the Wallos server to make requests to internal systems or cloud configuration services that the attacker should not be able to reach.","solution":"Update to version 4.7.0, which patches this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-33401","publishedAt":"2026-03-24T18:16:11.467Z","cveId":"CVE-2026-33401","cweIds":["CWE-918"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Ollama"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-24T18:16:11.467Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}