CVE-2026-46672 | Actual up to 26.5.x CSV Serializer output.ts escapeCsv deserialization
A vulnerability was found in Actual up to 26.5.x. It has been declared as problematic. The affected element is the function escapeCsv of the file packages/cli/src/output.ts of the component CSV Serializer. Executing a manipulation can lead to deserialization.
This vulnerability is registered as CVE-2026-46672. The attack needs to be launched locally. No exploit is available.VulDB Recent EntriesRead More