CVE-2026-40184 PUBLISHED

Unauthenticated Access to Uploaded Files in TREK

Assigner: GitHub_M
Reserved: 09.04.2026 Published: 10.04.2026 Updated: 10.04.2026

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.7

Product Status

Vendor mauriceboe
Product TREK
Versions
  • Version < 2.7.2 is affected

References

Problem Types

  • CWE-306: Missing Authentication for Critical Function CWE