CVE-2026-40543

Vulnerability

SOPlanning versions 1.55 and below [1] do not enforce authorization checks for backup-related endpoints. An unauthenticated attacker can directly query these endpoints to retrieve backup archives. The backups contain user databases with usernames and password hashes, as well as the config.csv file with additional sensitive information. The vulnerability is classified as CWE-862 Missing Authorization [1].

Exploitation

An attacker with network access to the SOPlanning instance can exploit this by sending HTTP requests to the backup endpoints without any authentication. No special privileges or user interaction are required. The attacker can enumerate or guess the backup endpoints to download the archives.

Impact

Successful exploitation leads to disclosure of sensitive data including user credentials (password hashes) and configuration details from config.csv. This could enable further attacks such as password cracking or lateral movement within the organization. The confidentiality of user databases is compromised.

Mitigation

SOPlanning has not released a fixed version as of the publication date (2026-06-01). Users are advised to restrict network access to the SOPlanning instance, implement web application firewall rules to block direct access to backup endpoints, or apply access controls at the server level. The vulnerability is not known to be listed in CISA's KEV at this time [1].