monetr CVE-2026-41644
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
Impact
A server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream responses reflected back in the API error message.
The URL validator on POST /api/lunch_flow/link only checked the URL scheme and rejected query parameters; it did not filter loopback, RFC1918, link-local, or cloud-provider metadata addresses. The outbound HTTP client read the response body via an unbounded io.ReadAll, and the controller intentionally surfaced the resulting error (which contained the upstream body) as the JSON error field of the API response.
Who is affected: self-hosted monetr deployments running the default configuration. Out of the box, LunchFlow.Enabled=true, AllowSignUp=true, and billing is not enforced, so any user who can register on the instance can reach the vulnerable endpoint. Deployments running in a cloud environment where instance metadata is reachable from the pod (e.g. AWS EC2 without IMDSv2 enforced) expand the impact to include potential exposure of instance metadata through the reflected error body.
Who is NOT affected: the hosted my.monetr.app service, which runs with LunchFlow.Enabled=false. Self-hosted operators who had already disabled public sign-up (MONETR_ALLOW_SIGN_UP=false) substantially reduce their exposure since only operator-trusted users can reach the endpoint.
A secondary denial-of-service vector also existed: because the outbound response body was read with no size cap, an attacker-influenced upstream could return a multi-GB body that monetr would fully buffer into memory.
Patches
Fixed in monetr v1.12.5. Users should upgrade to this release or later.
The fix introduces a new config field LunchFlow.AllowedApiUrls (a list of permitted Lunch Flow API URLs) with a default of ["https://lunchflow.app/api/v1"]. URLs outside the allowlist are rejected both at link-creation time and at client-construction time, with a server-side warning log on rejection. Response body reads are capped at 10 MiB for both success and error paths. The UI renders the API URL field as a disabled pre-filled input when a single URL is allowed, or a dropdown when multiple are allowed, so operators who need to use a staging or self-hosted Lunch Flow API opt in explicitly via config.
Upgrade note for self-hosters with a custom Lunch Flow URL: if your existing LunchFlowLink records point at a URL other than https://lunchflow.app/api/v1, set your lunchFlow.allowedApiUrls in your yaml config to include your custom URL before upgrading. Otherwise existing links will fail on next refresh or sync with a "Rejected Lunch Flow API URL that is not in the configured allowlist" warning in the server log.
Workarounds
For operators who cannot upgrade immediately, any of the following materially reduces or eliminates exposure:
- Disable public sign-up: set
MONETR_ALLOW_SIGN_UP=falseso only operator-trusted users can reach the vulnerable
endpoint. Recommended in general for internet-exposed self-hosted deployments.
- Disable Lunch Flow entirely: set
lunchFlow.enabled: falsein your config file. The endpoints will return 404 for
all callers.
- Network-level egress restriction: restrict outbound HTTP egress from the monetr pod/container to only
lunchflow.app (or whichever legitimate Lunch Flow hosts you use). Blocks the SSRF primitive regardless of application-layer validation.
- On AWS EC2 specifically: enforce IMDSv2 on the instance. This eliminates the cloud-metadata exfil path even if the
SSRF primitive remains reachable.
AnalysisAI
Server-side request forgery in monetr's Lunch Flow integration allows authenticated users on self-hosted instances to force the server to issue HTTP GET requests to arbitrary URLs, with response bodies from failed requests reflected in API error messages. This enables information disclosure attacks against internal networks, cloud metadata endpoints (AWS EC2 instance metadata without IMDSv2), and RFC1918 private addresses. The vulnerability is compounded by unbounded response buffering that creates a denial-of-service vector via memory exhaustion. Patch available in v1.12.5. The hosted my.monetr.app service is not affected as Lunch Flow is disabled there. Self-hosted instances with default configuration (Lunch Flow enabled, public signup allowed) are at highest risk.
Technical ContextAI
The vulnerability exists in monetr's Lunch Flow integration, a Go-based personal finance application. The vulnerable endpoint POST /api/lunch_flow/link accepted arbitrary URLs from authenticated users with insufficient validation-checking only URL scheme and rejecting query parameters, but failing to filter loopback addresses (127.0.0.0/8), RFC1918 private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), or cloud metadata endpoints (169.254.169.254 for AWS/GCP/Azure). The outbound HTTP client performed unbounded response body reads via io.ReadAll, and the controller surfaced upstream error responses (CWE-209: Generation of Error Message Containing Sensitive Information) in the JSON error field returned to the caller. This creates a classic SSRF primitive that converts the monetr server into a proxy for scanning internal networks and exfiltrating metadata via error message reflection. The Go HTTP client's default behavior combined with intentional error surfacing created both the SSRF vector and the information disclosure channel.
RemediationAI
Upgrade to monetr v1.12.5 or later, available at https://github.com/monetr/monetr/releases/tag/v1.12.5. The fix introduces LunchFlow.AllowedApiUrls configuration with a secure default whitelist of https://lunchflow.app/api/v1, rejects URLs outside the allowlist at both link-creation and client-construction time, and caps response body reads at 10 MiB to prevent memory exhaustion. Operators using custom Lunch Flow API URLs must add those URLs to lunchFlow.allowedApiUrls in configuration before upgrading to prevent existing integrations from breaking. For deployments unable to upgrade immediately, implement one or more workarounds: disable public signup via MONETR_ALLOW_SIGN_UP=false to limit exposure to trusted users only (recommended for all internet-facing instances regardless of vulnerability); disable Lunch Flow entirely with lunchFlow.enabled=false to return 404 on vulnerable endpoints; configure network-level egress filtering to restrict outbound HTTP from monetr containers to only legitimate Lunch Flow API hosts, which blocks SSRF at the network layer; or on AWS EC2 specifically, enforce IMDSv2 to prevent metadata endpoint access even if SSRF primitive remains exploitable. The egress filtering workaround is most robust as it provides defense-in-depth independent of application logic, though disabling public signup provides the fastest risk reduction for most operators. Patch implementation details in https://github.com/monetr/monetr/pull/3122 and commit c260caa3c573a4a396ec2d264c7641a5d958385b.
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-29v9-frvh-c426