CVE-2026-42604 | actualbudget actual up to 26.4.x Endpoint /openid/config authorization (GHSA-49v6-pqjq-xw55)

A vulnerability has been found in actualbudget actual up to 26.4.x and classified as critical. This impacts an unknown function of the file /openid/config of the component Endpoint. The manipulation leads to incorrect authorization.

This vulnerability is traded as CVE-2026-42604. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More