CVE Catalog

CVE-2026-43872

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

Actual is an open-source personal finance application that was affected by a path traversal vulnerability in several endpoints prior to version 26.5.0. Version 26.5.0 fixes the issue.

Risk Assessment

Exploitation of this vulnerability could lead to unauthorized access to system files, posing a serious threat to user data security.

Recommendation

It is recommended to update the application to version 26.5.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS