CVE-2026-43872

CVE-2026-43872

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

Vulnerability class: Path Traversal (Directory Traversal)

Weakness classification (CWE)

References