CVE-2026-23844

CVSS v4.0

4.9

Medium

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions Whisper Money versions prior to 0.1.5

Description Whisper Money, a personal finance application, contains an insecure direct object reference issue. This allows a user to modify or create account balances for other users' bank accounts.

Recommendations Update to version 0.1.5 or later.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-488

Related Identifiers

CVE-2026-23844

GHSA-C4G3-WPXR-2M74

Affected Products

Whisper-Money

CVE-2026-23844

Weakness Enumeration

Related Identifiers

Affected Products

References · 8