CVE-2026-50179 | actualbudget Actual up to 26.5.x CSV Export export-to-csv.ts exportToCSV/exportQueryToCSV Payee/Notes/Account/Category neutralization

SecurityVulns

A vulnerability classified as problematic has been found in actualbudget Actual up to 26.5.x. Impacted is the function exportToCSV/exportQueryToCSV of the file packages/loot-core/src/server/transactions/export/export-to-csv.ts of the component CSV Export Handler. This manipulation of the argument Payee/Notes/Account/Category causes improper neutralization.

This vulnerability is handled as CVE-2026-50179. It is possible to launch the attack on the local host. There is not any exploit available.VulDB Recent EntriesRead More