A vulnerability was found in actualbudget Actual up to 26.5.x. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component OpenID multi-user mode. This manipulation causes improper authentication.

This vulnerability is tracked as CVE-2026-49229. The attack is possible to be carried out remotely. No exploit exists.