Platform
php
Component
wallos
Fixed in
4.6.2
CVE-2026-27479 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Wallos, an open-source subscription tracker. This flaw allows attackers to bypass IP address validation and potentially access sensitive internal resources, including cloud instance metadata. The vulnerability impacts versions 4.6.0 and earlier, and a patch is available in version 4.6.1.
The SSRF vulnerability in Wallos arises from the application's handling of subscription and payment logo/icon uploads fetched from a user-supplied URL. The application validates the IP address of the URL it is given, but then fetches it with HTTP redirects enabled (CURLOPT_FOLLOWLOCATION = true), so the check applies only to the first hop. An attacker can therefore supply a URL whose host passes validation and redirects to an internal resource, bypassing the IP validation check. Successful exploitation could let an attacker retrieve sensitive information from cloud instance metadata endpoints, potentially exposing API keys, credentials, or other confidential data. The blast radius extends to any internal service reachable over HTTP, and the vulnerability could be leveraged for reconnaissance and further attacks.
CVE-2026-27479 was publicly disclosed on 2026-02-21. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation. This vulnerability shares similarities with other SSRF exploits that leverage HTTP redirects to bypass security controls.
Organizations utilizing Wallos for subscription tracking, particularly those hosting the application on cloud platforms like AWS, Azure, or Google Cloud, are at risk. Shared hosting environments where Wallos is installed alongside other applications could also be vulnerable, as a compromise of one application could potentially lead to exploitation of this SSRF vulnerability.
• php: Examine Wallos application logs for unusual outbound HTTP requests, particularly those involving redirects to internal IP addresses or cloud metadata endpoints.
  grep 'redirect' /var/log/apache2/access.log | grep '169.254'
• generic web: Monitor access logs for requests to the logo upload endpoint with suspicious URL parameters.
  curl -I 'http://your-wallos-instance/upload_logo.php?url=http://evil.com/redirect'
• generic web: Check response headers for signs of internal resource exposure.
  curl -I 'http://your-wallos-instance/upload_logo.php?url=http://169.254.169.254/latest/meta-data/'
Exploit Status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-27479 is to upgrade Wallos to version 4.6.1 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds. A Web Application Firewall (WAF) can be configured to block requests containing suspicious URLs or redirect patterns. Restricting outbound connections from the Wallos application to only trusted internal resources can also limit the potential impact. Regularly review and audit the application's configuration to ensure adherence to security best practices. After upgrading, confirm the fix by attempting to upload a logo from a known internal resource and verifying that the request is properly blocked.
Update Wallos to version 4.6.1 or later. This version fixes the SSRF vulnerability by correctly validating HTTP redirects when fetching subscription and payment logos and icons.
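An added example, not Wallos's own code, in PHP: the fetch pattern the advisory describes (one IP check on the submitted URL, then curl with CURLOPT_FOLLOWLOCATION) next to a hardened fetch that disables automatic redirects and re-validates the host of every Location target. The function names, the 3-hop limit and the use of filter_var's private/reserved-range flags are assumptions of the example.

```php
<?php
// Added example, not Wallos's own code. Function names and the hop limit are
// assumptions; the structure mirrors the flaw the advisory describes.

// True only when the URL's host resolves to a public IPv4 address: rejects loopback,
// RFC 1918 and reserved/link-local ranges (which include 169.254.169.254).
function host_is_public(string $url): bool {
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host)) return false;
    $ip = gethostbyname($host);   // returns $host unchanged if it cannot resolve
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// VULNERABLE: one check on the submitted URL, then curl silently follows a
// 302 from a public host to an internal address that was never checked.
function fetch_logo_vulnerable(string $url) {
    if (!host_is_public($url)) return false;
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);   // the bypass
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// HARDENED: never let curl follow redirects; walk them manually, re-checking
// each Location target, and give up after $max_hops.
function fetch_logo_hardened(string $url, int $max_hops = 3) {
    for ($hop = 0; $hop <= $max_hops; $hop++) {
        if (!host_is_public($url)) return false;      // blocked hop, e.g. metadata endpoint
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            CURLOPT_TIMEOUT        => 10,
        ]);
        $body   = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
        $next   = curl_getinfo($ch, CURLINFO_REDIRECT_URL); // false/'' without Location
        curl_close($ch);
        if ($status < 300 || $status >= 400 || !$next) return $body;
        $url = $next;                                 // loop re-validates the new host
    }
    return false;                                     // redirect chain too long
}
```

host_is_public resolves the name separately from curl and checks only the first IPv4 answer, so a DNS name that rebinds between the check and the fetch could still pass; pinning the checked address with CURLOPT_RESOLVE closes that gap.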
CVE-2026-27479 is a Server-Side Request Forgery vulnerability in Wallos versions 4.6.0 and below, allowing attackers to bypass IP validation and access internal resources.
You are affected if you are running Wallos version 4.6.0 or earlier. Upgrade to version 4.6.1 to mitigate the vulnerability.
Upgrade Wallos to version 4.6.1. As a temporary workaround, implement WAF rules to block suspicious URLs and restrict outbound connections.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known.
Refer to the Wallos project's official website and security advisories for the latest information: [https://wallos.dev/security](https://wallos.dev/security)