Which versions of AI / ML are affected by CVE-2026-33401?

Wallos subscription tracker versions below 4.7.0 contain an SSRF vulnerability allowing authenticated users to access internal network resources and cloud metadata endpoints, creating a pathway for…. A patch is available.

How to fix or mitigate CVE-2026-33401?

Within 24 hours: inventory all Wallos instances and confirm current versions. Within 7 days: upgrade all Wallos deployments to version 4.7.0 or later and restrict account creation to trusted personnel only. Within 30 days: review access logs for the affected endpoints (/api/ollama, AI recommendations, cron notification handlers) for suspicious internal resource requests.

AI / ML CVE-2026-33401

Q: What is the CVSS score of CVE-2026-33401?

CVE-2026-33401 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-14947 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-03-24 GitHub_M

SSRF Microsoft AI / ML Ollama

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:17 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

4.7.0

EUVD ID Assigned

Mar 24, 2026 - 18:15 euvd

EUVD-2026-14947

Analysis Generated

Mar 24, 2026 - 18:15 vuln.today

CVE Published

Mar 24, 2026 - 17:58 nvd

HIGH 7.1

DescriptionNVD

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 (CVE-2026-30840) added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job. An authenticated user can reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by supplying a crafted URL to any of these endpoints. This issue has been patched in version 4.7.0.

AnalysisAI

Wallos, an open-source self-hostable subscription tracker, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.7.0 that allows authenticated users to access internal network services, cloud metadata endpoints, and localhost-bound services. The vulnerability exists in three unprotected attack surfaces: the AI Ollama host parameter, the AI recommendations endpoint, and the notification cron job-areas that were missed when SSRF protections were partially implemented in an earlier patch (CVE-2026-30840). …

RemediationAI

Within 24 hours: inventory all Wallos instances and confirm current versions. Within 7 days: upgrade all Wallos deployments to version 4.7.0 or later and restrict account creation to trusted personnel only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory