ByteOS Network

NVD Vulnerability Details :

CVE-2026-40185

Analyzed

Source-security-advisories@github.com

Published At-10 Apr, 2026 | 20:16

Updated At-21 Apr, 2026 | 19:22

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CPE Matches

mauriceboe>>trek>>Versions up to 2.7.1(inclusive)

cpe:2.3:a:mauriceboe:trek:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	security-advisories@github.com

CWE ID: CWE-862

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179	security-advisories@github.com	Patch
https://github.com/mauriceboe/TREK/releases/tag/v2.7.2	security-advisories@github.com	Release Notes
https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72	security-advisories@github.com	Vendor Advisory

Hyperlink: https://github.com/mauriceboe/TREK/commit/16277a3811a00c2983f7486fee83c112986cb179

Source: security-advisories@github.com

Resource:

Patch

Hyperlink: https://github.com/mauriceboe/TREK/releases/tag/v2.7.2

Source: security-advisories@github.com

Resource:

Release Notes

Hyperlink: https://github.com/mauriceboe/TREK/security/advisories/GHSA-pcr3-6647-jh72

Source: security-advisories@github.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History