CVE Catalog
CVE-2026-36720
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.02%
7th percentile - higher than 7% of all known CVEs
Summary
Version 8.3 of the bookcars application has insecure permissions that allow authenticated attackers to escalate privileges from user to admin by modifying their user type.
Risk Assessment
The organization may be exposed to unauthorized access to administrative functions, potentially leading to serious security breaches.
Recommendation
It is recommended to review and improve the permission system in the bookcars application to prevent privilege escalation by users.
Original NVD description (English source)
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.

