cyber | HIGH | 2026-04-24 03:16 UTC

CVE-2026-33318 - Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

CVE ID: CVE-2026-33318

Published: April 24, 2026, 3:16 a.m.

Description: Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID

ORIGINAL SOURCE → via CVE Feed Latest