CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-40185

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.1%

CVSS Severity

CVSS v3 Score 7.1

References

https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2
https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72

Products affected by CVE-2026-40185

Mauriceboe » Trek » Version: Any

cpe:2.3:a:mauriceboe:trek:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40185

Products

Pricing

Contact Us