CVE Catalog

CVE-2026-36721

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

7th percentile — higher than 7% of all known CVEs

Summary

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Risk Assessment

The organization may be exposed to unauthorized access to the system, potentially leading to data breaches or other serious security incidents.

Recommendation

It is recommended to implement cryptographic signature verification for JWT tokens to secure the authentication process.

Original NVD description (English source)

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS