CVE 8.8 HIGH

Missing Authorization in SOPlanning_CVE-2026-40543

June 1, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information.

This issue affects SOPlanning version 1.55 and below.

AI Analysis

Missing authorization in SOPlanning allows unauthenticated attackers to retrieve sensitive information from backup archives.

Basic Information

ID CVE-2026-40543

Source CERT-PL

Published Jun 1, 2026 at 09:03

Affected Product

Vendor SOPlanning

Product SOPlanning

Version 1.55 and below

Affected Versions SOPlanning SOPlanning 0

CWE Classification

CWE-862

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor SOPlanning

Product SOPlanning

Version 1.55 and below

References

{
    "lastseen": "",
    "description": "SOPlanning does not enforce authorization for backup functionalities.\u00a0An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information.\n\nThis issue affects SOPlanning version 1.55 and below.",
    "published": "2026-06-01T09:03:44.790Z",
    "modified": "2026-06-01T09:03:44.790Z",
    "type": "cve",
    "title": "Missing Authorization in SOPlanning",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2026/06/CVE-2026-40543\nhttps://www.soplanning.org/en/",
    "id": "CVE-2026-40543",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SOPlanning SOPlanning 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SOPlanning",
    "version": "1.55 and below",
    "vendor": "SOPlanning",
    "ai_description": "Missing authorization in SOPlanning allows unauthenticated attackers to retrieve sensitive information from backup archives.",
    "ai_severity": "High",
    "ai_vendor": "SOPlanning",
    "ai_product": "SOPlanning",
    "ai_version": "1.55 and below",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply