216.73.217.172

CVE-2026-23844

· Published 19/01/2026 21:15 · Modified 19/01/2026 21:15

Labels: CVE-2026-23844 2026-01-19CVE-2026-23844CWE-488[email protected]

Essential information

Published
19/01/2026 21:15
Modified
19/01/2026 21:15
Author
Creator
CVSS
4.9 MEDIUM (v3) 4.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
whisper money / whisper money cpe:2.3:a:whisper_money:whisper_money:<0.1.5:*:*:*:*:*:*:*

References