CSRF in Soplanning

CVE-2026-40549

SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or PO…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (5.4th percentile) — read the EPSS interpretation.