CVE Catalog
CVE-2026-36727
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.04%
13th percentile — higher than 13% of all known CVEs
Summary
Version 8.3 of the bookcars application contains an insecure authentication vulnerability in the /api/social-sign-in endpoint, allowing attackers to bypass authentication using a forged JWT token.
Risk Assessment
Organizations may be exposed to unauthorized access to the system, potentially leading to data theft or other serious security incidents.
Recommendation
It is recommended to update the bookcars application to the latest version and implement additional verification mechanisms for JWT tokens.
Original NVD description (English source)
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.

