GHSA-cq9c-6w48-qmfg

High

GHSA-cq9c-6w48-qmfg

(CVE-2026-49229)

Published Jun 22, 2026

CVSS

8.3

HIGH

EPSS

Exploit Prediction Scoring System — the modeled probability of in-the-wild exploitation in the next 30 days.

—

Affected packages

Summary

@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens

Developer impact

Recommended action

Affected packages

Sources