Transaction Integrity Flaw in Monetr Budgeting Application
CVE-2026-39901

5.7MEDIUM

Key Information:

Vendor: Monetr
Status: Monetr
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39901?

The Monetr budgeting application had a vulnerability that allowed authenticated tenant users to bypass the application's restrictions on deleting synced non-manual transactions. Specifically, prior to version 1.12.3, these users could soft-delete such transactions through the transaction update endpoint, even though the application was designed to block deletion via the standard DELETE mechanism. This flaw potentially undermines the integrity of imported transaction records, enabling protected transactions to become hidden from standard views. This issue has been resolved in the latest version.

Affected Version(s)

monetr < 1.12.3

References

https://github.com/monetr/monetr/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

CVE-2026-39901 Data

JSON