CVE-2026-43872

CVE Database · CVE-2026-43872

CVE-2026-43872

· N/AReceived

CVSS v3.1

N/A

CVSS v4.0

5.3

EPSS

0.30%

Published

Jun 12, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

Weaknesses (CWE)

CWE-22

References (2)

https://actualbudget.org/blog/release-26.5.0

https://github.com/actualbudget/actual/security/advisories/GHSA-4wf8-vhhr-4gpv

KEV Catalog EPSS Scores Vendors All CVEs