CVE Catalog

CVE-2026-42737

High
Published: Translated: NVD NIST

Summary

CVE-2026-42737 describes an improper limitation of a pathname to a restricted directory, leading to a Path Traversal vulnerability in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.

Risk Assessment

An attacker could gain access to system files, potentially leading to the exposure of sensitive data or system compromise. This poses a significant security risk to the organization.

Recommendation

It is recommended to update the VikBooking engine to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted to identify potential threats.

Original NVD description (English source)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS