CVE-2026-40543
Last modified
CVE-2026-40543 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information. This issue affects SOPlanning version 1.55 and below.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional sensitive information. This issue affects SOPlanning version 1.55 and below.
Metrics
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-40543?
How severe is CVE-2026-40543?
How do I fix CVE-2026-40543?
Are you affected by CVE-2026-40543?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST