CVE-2026-33318 | actualbudget actual up to 26.3.x Login Endpoint /account/change-password access control (GHSA-prp4-2f49-fcgp)

A vulnerability classified as critical was found in actualbudget actual up to 26.3.x. Impacted is an unknown function of the file /account/change-password of the component Login Endpoint. Executing a manipulation can lead to improper access controls.

The identification of this vulnerability is CVE-2026-33318. The attack can only be executed locally. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More