CVE Catalog
CVE-2026-43872
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.30%
22th percentile - higher than 22% of all known CVEs
Summary
Actual is an open-source personal finance application that was affected by a path traversal vulnerability in several endpoints prior to version 26.5.0. Version 26.5.0 fixes the issue.
Risk Assessment
Exploitation of this vulnerability could lead to unauthorized access to system files, posing a serious threat to user data security.
Recommendation
It is recommended to update the application to version 26.5.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

