CVE-2026-36726
MediumCVSS 5.3Exploitation Probability (EPSS)
Elevated risk70th percentile - higher than 70% of all known CVEs
Summary
Version 8.3 of the bookcars application contains a vulnerability that allows unauthenticated attackers to delete arbitrary files by exploiting directory traversal sequences in the /api/delete-temp-license/{file} endpoint.
Risk Assessment
This vulnerability could lead to data loss and disruption of system operations, posing a significant threat to the organization.
Recommendation
It is recommended to secure the endpoint against unauthorized access and implement input validation to prevent the exploitation of directory traversal sequences.
Original NVD description (English source)
An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.

