Authentication Bypass Vulnerability Affects TREK Travel Planner by TREK
CVE-2026-40184

3.7LOW

Key Information:

Vendor

Mauriceboe

Status
Trek
Vendor
CVE Published:
10 April 2026

What is CVE-2026-40184?

The TREK travel planner, prior to version 2.7.2, had a security flaw that allowed unauthorized access to uploaded photos without requiring user authentication. This vulnerability could potentially expose sensitive user data to malicious actors, emphasizing the importance of keeping software up to date. The issue has been remediated in version 2.7.2, where authentication mechanisms have been properly enforced to protect user content.

Affected Version(s)

TREK < 2.7.2

References

https://github.com/mauriceboe/TREK/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/mauriceboe/TREK/commit/16277a3811a00c2...
x_refsource_MISC
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2
x_refsource_MISC

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.