MEDIUM
makeplane
CVE published 2026-05-20
CVE-2026-40102
CVE-2026-40102 affects Plane versions 1.3.0 and below and is fixed in 1.3.1. The issue is an ORM Field Reference Injection in SavedAnalyticEndpoint: a user-controlled segment query parameter was passed directly into a Django F() expression without the allowlist validation used by the regular AnalyticsEndpoint. An authenticated workspace MEMBER could craft a request to the saved analytics endpoint and caus [truncated]
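
The allowlist check described above, as an added example that is not Plane's own code. The field names in ALLOWED_SEGMENTS and all function names are constructed for illustration, segment is assumed to be an optional parameter, and the returned string stands in for the name a view would pass to Django's F().

```python
from urllib.parse import parse_qs

# Constructed allowlist for illustration; Plane's real list is not shown on this page.
ALLOWED_SEGMENTS = frozenset({"priority", "state_id", "labels__id"})


class InvalidSegment(ValueError):
    """Raised when the segment parameter is not an allowlisted field reference."""


def segment_unvalidated(query_string):
    """'Before' pattern: the raw parameter becomes the field reference.

    Whatever the client sends would be passed to django.db.models.F(),
    so the client, not the server, chooses which field is referenced.
    """
    values = parse_qs(query_string).get("segment", [])
    return values[0] if values else None


def segment_validated(query_string):
    """Hardened pattern: only exact allowlist members may reach F()."""
    values = parse_qs(query_string, keep_blank_values=True).get("segment", [])
    if not values:
        return None  # assumed optional: no F() expression is built
    if len(values) > 1:
        raise InvalidSegment("segment given more than once")
    segment = values[0]
    if segment not in ALLOWED_SEGMENTS:
        raise InvalidSegment("segment is not an allowed field")
    return segment


def build_segment_ref(query_string):
    """Shared helper that every analytics endpoint calls before F(name)."""
    try:
        return {"ok": True, "field": segment_validated(query_string)}
    except InvalidSegment as exc:
        return {"ok": False, "error": str(exc)}  # a view would map this to HTTP 400
```

Routing both the regular and the saved endpoint through one helper keeps the two code paths from drifting apart, which is the gap the advisory describes.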