CVE-2026-40546

EUVD-2026-33612
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database.

This issue affects SOPlanning version 1.55 and below.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
CERT-PLCNA
8.7 HIGH
NETWORK
LOW
LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
soplanningsoplanning
𝑥
≤ 1.55
CNA
Common Weakness Enumeration
References
https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en/