CVE Catalog

CVE-2026-36726

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.59%

70th percentile - higher than 70% of all known CVEs

Summary

Version 8.3 of the bookcars application contains a vulnerability that allows unauthenticated attackers to delete arbitrary files by exploiting directory traversal sequences in the /api/delete-temp-license/{file} endpoint.

Risk Assessment

This vulnerability could lead to data loss and disruption of system operations, posing a significant threat to the organization.

Recommendation

It is recommended to secure the endpoint against unauthorized access and implement input validation to prevent the exploitation of directory traversal sequences.

Original NVD description (English source)

An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS