CVE-2026-57747
Severity: Medium (CVSS 6.5)
Exploitation Probability (EPSS): Low risk, 2nd percentile (higher than 2% of all known CVEs)
Summary
A Cross Site Request Forgery (CSRF) vulnerability exists in Booked version 3.0.0 and earlier, and it requires no authentication on the attacker's side. By luring a logged-in administrator to a page the attacker controls, the attacker can cause the administrator's browser to submit state-changing requests to Booked that ride on the administrator's existing session, without the administrator's knowledge.
Risk Assessment
The risk involves unauthorized operations being executed in the context of an administrator session, potentially leading to configuration changes, data deletion, or privilege escalation.
Recommendation
Immediately update Booked to a version newer than 3.0.0 that includes a fix for the CSRF vulnerability. Additionally, implement CSRF protection mechanisms such as anti-CSRF tokens.
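The following is an added illustration of the anti-CSRF token mechanism the recommendation refers to; it is not Booked's code and is not taken from the advisory. It shows the vulnerable pattern the advisory describes (a handler that trusts the session cookie alone) next to a hardened handler that also requires a session-bound, HMAC-protected token and checks the request's Origin/Referer. The server secret, host name and request dictionaries are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlparse

# Constructed secret for this example only; a real deployment loads it from
# configuration and never hard-codes it.
SERVER_SECRET = b"example-server-secret-do-not-use"

STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Synchronizer-token pattern, HMAC form: nonce.HMAC(secret, session:nonce).

    Binding the MAC to the session id means a token issued for one user's
    session cannot be replayed against another session.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str], secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, _, mac = token.partition(".")
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers: dict, allowed_host: str) -> bool:
    """Defence in depth: the browser-set Origin (or Referer) must name our host.

    Requests carrying neither header are rejected for state changes; browsers
    always send Origin on cross-site POSTs, so a forged request cannot omit it.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlparse(source).netloc == allowed_host


def vulnerable_accept(request: dict, session_is_admin: bool) -> bool:
    """The pattern behind the advisory: any request with a valid admin session
    cookie is acted on, so a cross-site form post from another tab succeeds."""
    return session_is_admin


def hardened_accept(request: dict, session_id: str, session_is_admin: bool,
                    allowed_host: str = "booked.example.test") -> bool:
    """Gate a state-changing admin action on method, origin and CSRF token."""
    if not session_is_admin:
        return False
    if request.get("method", "GET").upper() not in STATE_CHANGING_METHODS:
        return False  # state changes must never be reachable via GET
    if not origin_allowed(request.get("headers", {}), allowed_host):
        return False
    return verify_csrf_token(session_id, request.get("form", {}).get("csrf_token"))


if __name__ == "__main__":
    sid = "admin-session-1"
    token = issue_csrf_token(sid)
    # Constructed forged request: the admin's browser sends the cookie, but the
    # Origin is the attacker's page and no token is present.
    forged = {"method": "POST", "headers": {"Origin": "https://attacker.example"}, "form": {}}
    print("vulnerable handler accepts forged request:", vulnerable_accept(forged, True))
    print("hardened handler accepts forged request:  ", hardened_accept(forged, sid, True))
```

The token is rendered into each admin form (or sent as a header by the application's own JavaScript) and checked by `hardened_accept` on every state-changing request; a `SameSite=Lax` or `Strict` attribute on the session cookie is a complementary browser-side control, not a replacement for the token.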
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.