CVE-2026-40480 — ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization — CVE Database · The Intelligence Room