Product
actualbudget actual
4 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33318
CVE-2026-3089
CVE-2026-27638
CVE-2026-27584
< 26.4.0
Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including
BASIC role) can escala< 26.3.0
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, im
< 26.2.1
Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode (OpenID), the sync API endpoints (`/syn
< 26.2.1
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget serv