PT-2026-45360 · Soplanning · Soplanning
Łukasz Jaworski
·
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-40547
CVSS v4.0
6.4
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H |
SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user.
This issue affects SOPlanning version 1.55 and below.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Soplanning