CVE Catalog

CVE-2026-36720

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

7th percentile - higher than 7% of all known CVEs

Summary

Version 8.3 of the bookcars application has insecure permissions that allow authenticated attackers to escalate privileges from user to admin by modifying their user type.

Risk Assessment

The organization may be exposed to unauthorized access to administrative functions, potentially leading to serious security breaches.

Recommendation

It is recommended to review and improve the permission system in the bookcars application to prevent privilege escalation by users.

Original NVD description (English source)

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS