Authorization Bypass in SOPlanning by SOPlanning Team
CVE-2026-40543

8.8HIGH

Key Information:

Vendor: Soplanning
Status: Soplanning
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-40543?

The SOPlanning software lacks proper authorization checks for its backup functionalities, enabling an unauthenticated attacker to interact directly with backup-related endpoints. This vulnerability allows the retrieval of backup archives that may contain critical user data, such as usernames, password hashes, and sensitive configuration files. Affected versions include SOPlanning 1.55 and earlier, thereby exposing users to potential data breaches and security threats.

Affected Version(s)

SOPlanning 0 <= 1.55

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543

third-party-advisory

https://www.soplanning.org/en/

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Apr 14, 2026

Credit

Łukasz Jaworski

CVE-2026-40543 Data

JSON

Soplanning

What is CVE-2026-40543?

Affected Version(s)

References

CVSS V4

Timeline

Credit