CVE-2026-40184

LOW NVD

CVSS Score 3.7

Severity LOW

Published Apr 10, 2026

Vendor unknown

Description

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2.

References

https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2
https://github.com/mauriceboe/TREK/security/advisories/GHSA-wxx3-84fc-mrx2