CVE Catalog

CVE-2026-36722

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

11th percentile - higher than 11% of all known CVEs

Summary

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.

Risk Assessment

This vulnerability could lead to remote code execution, posing a serious threat to the security of the system and user data.

Recommendation

It is recommended to implement strict controls on uploaded files and to update to the latest version of the software to minimize risk.

Original NVD description (English source)

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS