Path Traversal Vulnerability in SOPlanning by SOPlanning.org
CVE-2026-40547

6.4MEDIUM

Key Information:

Vendor: Soplanning
Status: Soplanning
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-40547?

SOPlanning is susceptible to a Path Traversal vulnerability in its backup endpoints. An authenticated remote attacker can exploit this weakness to craft payloads that enable them to read and execute files that were previously added via the backup feature. This situation is compounded by another vulnerability related to Missing Authorization, which allows any unauthorized user to access any backup file. This vulnerability impacts users of SOPlanning version 1.55 and earlier, highlighting the need for immediate attention to safeguard sensitive data from unauthorized access.

Affected Version(s)

SOPlanning 0 <= 1.55

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543

third-party-advisory

https://www.soplanning.org/en/

product

CVSS V4

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Apr 14, 2026

Credit

Łukasz Jaworski

CVE-2026-40547 Data

JSON

Soplanning

What is CVE-2026-40547?

Affected Version(s)

References

CVSS V4

Timeline

Credit