CVE-2026-40185
Published
CVSS v3
7.1
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2.
A self-hosted travel/trip planner with real-time collaboration, interactive maps, PWA support, SSO, budgets, packing lists, and more.
GitHub