CVE-2026-11994

UNKNOWN 0.0

Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report.

CWE	CWE-79
Vendor	akaunting
Product	akaunting
Published	Jun 22, 2026
Last Updated	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for akaunting akaunting

Be the first to know when new unknown vulnerabilities affecting akaunting akaunting are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Akaunting / Akaunting

3.1.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fluidattacks.com: https://fluidattacks.com/es/advisories/believer github.com: https://github.com/akaunting/akaunting

Credits

Oscar Naveda Fluid Attacks' AI SAST Scanner