What is GHSA-cxrr-8w2f-8vxj?

GHSA-cxrr-8w2f-8vxj is a security advisory published by GitHub Security Advisories with Medium severity. SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and...

Which CVE IDs does GHSA-cxrr-8w2f-8vxj cover?

GHSA-cxrr-8w2f-8vxj covers the following CVE IDs: CVE-2026-40549. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-cxrr-8w2f-8vxjMedium

SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and...

Vendor

GitHub Security Advisories

Published

June 1, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-40549 →

📋 Description

SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application.

This issue affects SOPlanning version 1.55 and below.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-40549
https://cert.pl/en/posts/2026/06/CVE-2026-40543
https://www.soplanning.org/en
https://github.com/advisories/GHSA-cxrr-8w2f-8vxj