QwikSec

Security Database

CVE

CWE

Training

CVE-2026-40549

Published: Jun 1, 2026

Modified: Jun 1, 2026

PUBLISHED

Description

SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning version 1.55 and below.

Vendor	Product	Versions
SOPlanning	SOPlanning	affected `0 - <= 1.55`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2026/06/CVE-2026-40543

third-party-advisory

https://www.soplanning.org/en/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.