A vulnerability labeled as critical has been found in SOPlanning up to 1.55 . This affects the function backup of the file user.csv of the component ZIP Handler . Such manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2026-40548 . The attack can be launched remotely. No exploit exists.