CVE-2026-40543 HIGH

CVE-2026-40543: Missing Authorization in SOPlanning

Vendor Soplanning
Product SOPlanning
Weakness CWE-862 · Missing authorization
Published June 1, 2026
Last update June 1, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information. This issue affects SOPlanning version 1.55 and below.

Key dates

02Disclosure timeline

June 1, 2026 CVE published
June 1, 2026 Record updated

Related vulnerabilities

04Related CVE