CVE-2026-40546

Severity CVSS v4.0:
HIGH
Type:
CWE-89 SQL Injection
Publication date:
01/06/2026
Last modified:
01/06/2026

Description

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.<br /> <br /> This issue affects SOPlanning version 1.55 and below.