4 matches found
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Summary Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information. Impact This vulnerability allows an unauthenticated attack...
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...
CVE-2026-27584
ActualBudget Server is affected by CVE-2026-27584 due to missing authentication middleware in the server component, allowing unauthenticated access to SimpleFIN and Pluggy.ai integration endpoints. An attacker can read bank account balances and transaction histories for users configured with thes...
ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information...