A vulnerability, which was classified as critical , has been found in FrontAccounting up to 2.4.19 . This affects an unknown function of the component PHP File Handler . Performing a manipulation of the argument unique_name results in path traversal. This vulnerability was named CVE-2026-40521 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.