Resource exhaustion in Monetr
CVE-2026-40481
monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacke…
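
The pattern described above, buffering the whole body before the Stripe signature is checked, is avoided by capping the read first. The Go handler below is an added example, not monetr's code and not the fix shipped in 1.12.4; the names `maxBody`, `sign`, `webhook` and `status`, the 64 KiB cap, the `/webhook` path and the secret are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBody = 64 << 10 // assumed cap; size it for the largest event you expect

// sign computes Stripe's v1 scheme: hex HMAC-SHA256 over "<timestamp>.<payload>".
func sign(secret, payload []byte, ts string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(append([]byte(ts+"."), payload...))
	return hex.EncodeToString(mac.Sum(nil))
}

// webhook caps the read before any signature work: at most maxBody bytes are buffered.
func webhook(secret []byte) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody))
		if err != nil { // includes *http.MaxBytesError once the cap is exceeded
			http.Error(w, "body too large or unreadable", http.StatusRequestEntityTooLarge)
			return
		}
		// Assumes a header of the form "t=<ts>,v1=<hex>"; replay tolerance check omitted.
		ts, v1, _ := strings.Cut(r.Header.Get("Stripe-Signature"), ",v1=")
		want := sign(secret, body, strings.TrimPrefix(ts, "t="))
		if !hmac.Equal([]byte(want), []byte(v1)) {
			http.Error(w, "bad signature", http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusOK)
	}
}

// status sends one constructed request through the handler and returns the code.
func status(secret []byte, body, sigHeader string) int {
	req := httptest.NewRequest(http.MethodPost, "/webhook", strings.NewReader(body))
	req.Header.Set("Stripe-Signature", sigHeader)
	rec := httptest.NewRecorder()
	webhook(secret).ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status([]byte("constructed"), strings.Repeat("A", maxBody+1), "t=1,v1=00")) }
```

A limit at the reverse proxy or load balancer in front of the endpoint is a useful second layer, since it rejects oversized requests before they reach the application.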
Vulnerability class: DoS (Denial of Service)
EPSS: 0.004 (61.3th percentile)
Affected products
- Monetr — versions < 1.12.4
Weakness classification (CWE)
References
- https://github.com/monetr/monetr/security/advisories/GHSA-v7xq-3wx6-fqc2 (x_refsource_CONFIRM)
- https://github.com/monetr/monetr/releases/tag/v1.12.4 (x_refsource_MISC)