CVE-2026-39901

monetr: Protected Transactions Deletable via PUT

CVSS 5.7 MEDIUM · EPSS 0.3% · CWE-285
Vexday Risk Score: 13 (Low)
SSVC Decision (CISA): Track
No sign of exploitation → monitor
CVSS 5.7 · EPSS 0.3% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
08 Apr 2026: Published in NVD
Recommendation: Monitor; no sign of exploitation at this time.
monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intended protection for imported transaction records and allows protected transactions to be hidden from normal views. This vulnerability is fixed in 1.12.3.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Affected products
monetr · monetr
