A vulnerability was found in FrontAccounting up to 2.4.19 . It has been classified as critical . Affected by this issue is the function get_gl_transactions . This manipulation of the argument filter_type causes sql injection. This vulnerability is tracked as CVE-2026-40524 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.