A vulnerability labeled as critical has been found in actualbudget actual up to 26.4.x . Impacted is an unknown function. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-43872 . The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.