Description
SOPlanning is vulnerable to Path Traversal in its backup endpoints. An authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user.

This issue affects SOPlanning version 1.55 and below.
Published: 2026-06-01
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits an authenticated remote attacker to craft payloads against the backup endpoints that traverse directories and read or execute files placed via the backup feature. Because an earlier flaw (CVE-2026-40543) removed proper authorization checks for backup files, any user, even an unauthenticated one, can read these files. Consequently, sensitive configuration files or arbitrary code stored in the backup repository can be disclosed, enabling execution of malicious code and leading to full system compromise. The weakness is identified as CWE-22, path traversal.

Affected Systems

SOPlanning versions 1.55 and below are affected. The vulnerability is present in the backup endpoints of the SOPlanning application and allows traversal of the filesystem hierarchy to locate files stored by the backup function.

Risk and Exploitability

The CVSS score of 6.4 indicates a moderate severity, while the EPSS score is unavailable. The defect is not listed in the CISA KEV catalog. The most likely attack path involves an authenticated user creating or modifying a backup file with a crafted path that includes traversal sequences; an unauthenticated user can then read it, or the file can be executed if configured to run. This provides a direct route to arbitrary code execution on the target host.

Generated by OpenCVE AI on June 1, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SOPlanning to version 1.56 or later, which includes the fix for the path traversal bug.
  • If an upgrade is not feasible immediately, restrict network access to the backup endpoints and enforce strict authentication or role‑based access controls.
  • Re‑configure backup storage to reside outside the web root and validate all file paths on input to reject traversal sequences.

Generated by OpenCVE AI on June 1, 2026 at 10:21 UTC.
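The last recommended action (validate every backup file path and reject traversal sequences) is the control that closes the CWE-22 weakness at its root. Below is an added example of such a check, written for this page and not taken from SOPlanning (which is a PHP application; the same realpath-plus-common-prefix logic applies there). The backup directory, the allowed file extensions and the request names are constructed assumptions.

```python
import os

# Assumed location of the backup store; in a real deployment this would be
# a directory outside the web root, as the recommendations above suggest.
BACKUP_DIR = "/opt/soplanning-example/backups"

# Assumed allow-list of backup file types. Anything else is rejected even if
# it lies inside BACKUP_DIR, so a traversal-free but unexpected name still fails.
ALLOWED_SUFFIXES = (".sql", ".zip")


class PathTraversalError(ValueError):
    """Raised when a requested name would resolve outside the backup directory."""


def resolve_backup_path(base_dir: str, requested: str) -> str:
    """Return the absolute path of `requested` inside `base_dir`, or raise.

    The check does not search the name for "../" substrings; it canonicalises
    the joined path and verifies the result is still rooted at base_dir.
    """
    if "\x00" in requested:
        raise PathTraversalError("null byte in path")
    if os.path.isabs(requested) or "\\" in requested:
        raise PathTraversalError("absolute paths and backslashes are not allowed")
    if not requested.lower().endswith(ALLOWED_SUFFIXES):
        raise PathTraversalError("unexpected file type for a backup")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath (not str.startswith) so that /opt/x/backups2 does not pass
    # as a child of /opt/x/backups.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} escapes {base_dir!r}")
    return candidate


def audit_backup_requests(base_dir: str, names: list[str]) -> dict[str, bool]:
    """Map each requested name to True if it would be served, False if rejected."""
    verdicts = {}
    for name in names:
        try:
            resolve_backup_path(base_dir, name)
            verdicts[name] = True
        except PathTraversalError:
            verdicts[name] = False
    return verdicts


# Constructed sample requests: two legitimate names and five that must be refused.
SAMPLE_REQUESTS = [
    "daily.sql",              # plain name inside the backup directory
    "2026/./weekly.zip",      # harmless "." component, still inside
    "../config.php",          # classic parent-directory escape
    "2026/../../etc/passwd",  # escape hidden behind a valid subdirectory
    "/etc/passwd",            # absolute path
    "../backups2/x.sql",      # sibling directory sharing the base name as prefix
    "daily.sql\x00.jpg",      # null-byte truncation attempt
]
```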

Tracking


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 15:30:00 +0000

Type: Metrics (ssvc)
Values Removed: none
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 10:45:00 +0000

Type: First Time appeared
Values Removed: none
Values Added: Soplanning; Soplanning soplanning

Type: Vendors & Products
Values Removed: none
Values Added: Soplanning; Soplanning soplanning

Mon, 01 Jun 2026 09:15:00 +0000

Type: Description
Values Removed: none
Values Added: SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 (Missing Authorization), any backup file can be read by any (unauthorized) user. This issue affects SOPlanning version 1.55 and below.

Type: Title
Values Removed: none
Values Added: Path Traversal in SOPlanning

Type: Weaknesses
Values Removed: none
Values Added: CWE-22

Type: References
Values Removed: none
Values Added:

Type: Metrics (cvssV4_0)
Values Removed: none
Values Added: {'score': 6.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-01T13:04:15.481Z

Reserved: 2026-04-14T09:44:27.613Z

Link: CVE-2026-40547

Vulnrichment

Updated: 2026-06-01T13:04:11.893Z

NVD

Status: Deferred

Published: 2026-06-01T09:16:17.513

Modified: 2026-06-01T16:37:15.140

Link: CVE-2026-40547

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T10:30:26Z

Weaknesses
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')