CVE-2026-27638 | actualbudget actual up to 26.2.0 Sync API Endpoint /sync/ authorization (GHSA-qmjj-p7m9-wjrv)

Inserito da Angelo Barbosa | Feb 27, 2026 | CVE

A vulnerability described as problematic has been identified in actualbudget actual up to 26.2.0. This affects an unknown function of the file /sync/ of the component Sync API Endpoint. Executing a manipulation can lead to missing authorization.

This vulnerability is handled as CVE-2026-27638. It is possible to launch the attack on the local host. There is not any exploit available.

Upgrading the affected component is recommended.

CVE-2026-27638 | actualbudget actual up to 26.2.0 Sync API Endpoint /sync/ authorization (GHSA-qmjj-p7m9-wjrv)

Post correlati

CVE-2024-54188 | Infoblox NETMRI up to 7.6.0 information disclosure

CVE-2026-23106 | Linux Kernel up to 6.18.7/6.19-rc6 timekeeping include/linux/seqlock.h __do_ajdtimex state issue

CVE-2025-5078 | Campcodes Online Shopping Portal 1.0 /admin/subcategory.php Category sql injection

CVE-2023-48880 | EyouCMS 1.6.4-UTF8-SP1 login.php Menu Name cross site scripting (Issue 52)