theinfosecnews

CVE-2026-40185

Published April 11, 2026 · Updated April 11, 2026

CVSS 7.1 (High)

What This Means

CVE-2026-40185 is a high-severity vulnerability in TREK, a collaborative travel planner. Prior to version 2.7.2, TREK's Immich trip photo management routes lack proper authorization checks, which allows unauthorized users to access and manage sensitive trip photo data. Upgrade to TREK version 2.7.2 or later to mitigate this vulnerability.

Official Description

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. Review logs for indicators of compromise related to CVE-2026-40185.
