CVE-2026-36723EPSS p58.2%

CVE-2026-36723CVE-2026-36723

Description

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).

Scoring

CVSS 8.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS1.00% probability of exploitation · percentile 58.2% · 2026-06-19T12:03:05Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-36726
CVE
CVE-2026-36722
CVE
CVE-2026-36720
CVE
CVE-2026-36727
CVE
CVE-2026-36721
CVE
CVE-2026-36767
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.