CVE-2026-11994

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 22, 2026

Vendor unknown

Description

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.

References

https://fluidattacks.com/es/advisories/believer
https://github.com/akaunting/akaunting