CVE Catalog

CVE-2026-57747

Severity: Medium (CVSS 6.5)
Source: NVD (NIST)

Exploitation Probability (EPSS)

Low risk
0.12%

2nd percentile: higher than 2% of all known CVEs

Summary

An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in Booked version 3.0.0 and earlier. An attacker who lures a logged-in administrator to a crafted page can cause that administrator's browser to submit requests to Booked, performing unintended actions without the administrator's knowledge.

Risk Assessment

The risk is that requests forged by a third party are executed with the privileges of an active administrator session, potentially leading to configuration changes, data deletion, or privilege escalation.

Recommendation

Immediately update Booked to a version newer than 3.0.0 that includes a fix for this CSRF vulnerability. Additionally, ensure CSRF protection mechanisms such as anti-CSRF tokens are in place for state-changing requests.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS