CVE-2026-40547

UNKNOWN 0.0

Path Traversal in SOPlanning

CVSS Score

0.0

EPSS Score

0.2%

EPSS Percentile

36th

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user. This issue affects SOPlanning version 1.55 and below.

CWE	CWE-22
Vendor	soplanning
Product	soplanning
Published	Jun 1, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for soplanning soplanning

Be the first to know when new unknown vulnerabilities affecting soplanning soplanning are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SOPlanning / SOPlanning

0 ≤ 1.55

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/06/CVE-2026-40543 soplanning.org: https://www.soplanning.org/en/

Credits

Łukasz Jaworski