CVE Catalog

CVE-2026-36727

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

Version 8.3 of the bookcars application contains an insecure authentication vulnerability in the /api/social-sign-in endpoint, allowing attackers to bypass authentication using a forged JWT token.

Risk Assessment

Organizations may be exposed to unauthorized access to the system, potentially leading to data theft or other serious security incidents.

Recommendation

It is recommended to update the bookcars application to the latest version and implement additional verification mechanisms for JWT tokens.

Original NVD description (English source)

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS