CVE-2026-40185

EUVD-2026-21587
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2
https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72