CVE Catalog
CVE-2026-36721
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.02%
7th percentile — higher than 7% of all known CVEs
Summary
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
Risk Assessment
The organization may be exposed to unauthorized access to the system, potentially leading to data breaches or other serious security incidents.
Recommendation
It is recommended to implement cryptographic signature verification for JWT tokens to secure the authentication process.
Original NVD description (English source)
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

