Primary

Context

TREK Missing Authorization Vulnerability in Trip Photo Management Routes

Vulnerability

A vulnerability exists in TREK versions prior to 2.7.2, where the application lacked proper authorization checks on the Immich trip photo management routes. This oversight allowed authenticated users to access or modify another user's trip photos through the Immich integration.

Impact

Exploitation of this vulnerability could lead to unauthorized access to or modification of trip photos belonging to other users.

Remediation

Users are advised to update TREK to version 2.7.2 or later, where this vulnerability has been addressed.

Added: Apr 10, 2026, 8:22 PM

Updated: Apr 10, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.9

remediation

0.0

relevance

5.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

5.9

remediation

0.0

relevance

5.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TREK Missing Authorization Vulnerability in Trip Photo Management Routes

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating