CVE-2026-43872 | actualbudget actual up to 26.4.x path traversal (GHSA-4wf8-vhhr-4gpv)

Inserito da Angelo Barbosa | Giu 12, 2026 | CVE

A vulnerability labeled as critical has been found in actualbudget actual up to 26.4.x. Impacted is an unknown function. The manipulation results in path traversal.

This vulnerability is identified as CVE-2026-43872. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-43872 | actualbudget actual up to 26.4.x path traversal (GHSA-4wf8-vhhr-4gpv)

Post correlati

CVE-2024-47556 | Xerox FreeFlow Core up to 7.0.10 on Windows path traversal

CVE-2024-12508 | Glofox Shortcodes Plugin up to 2.6 on WordPress cross site scripting

CVE-2025-9109 | Portabilis i-Diario up to 1.5.0 Password Recovery Endpoint /password/email observable response discrepancy

CVE-2024-51093 | Snipe-IT 7.0.13 #files cross site scripting