CVE-2026-40543 Missing Authorization in SOPlanning

SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...

SOPlanning security vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization for the backup function, which could allow unauthorized attackers to...