CVE-2026-40546

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 01, 2026

Vendor unknown

Description

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below.

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en/