CVE-2026-40547

Vulnerability Description

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user.

This issue affects SOPlanning version 1.55 and below.

Vulnerability Details

Published Date

June 01, 2026

Last Modified

June 01, 2026

CWE ID

CWE-22

Source

NVD

Vendor

SOPlanning

Product

SOPlanning

External References

https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en/

CVE-2026-40547

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment