CVE 8.8 HIGH

CVE-2026-36723_CVE-2026-36723

June 10, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).

AI Analysis

Unrestricted file rename vulnerability allowing directory traversal and remote code execution

Basic Information

ID CVE-2026-36723

Source mitre

Published Jun 9, 2026 at 00:00

Modified Jun 10, 2026 at 17:28

Affected Product

Vendor bookcars

Product bookcars

Version v8.3

Affected Versions n/a n/a n/a

CWE Classification

CWE-22

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor bookcars

Product bookcars

Version v8.3

References

github.com /CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-17

{
    "lastseen": "",
    "description": "An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).",
    "published": "2026-06-09T00:00:00.000Z",
    "modified": "2026-06-10T17:28:08.932Z",
    "type": "cve",
    "title": "CVE-2026-36723",
    "source": "mitre",
    "references": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-17",
    "id": "CVE-2026-36723",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bookcars",
    "version": "v8.3",
    "vendor": "bookcars",
    "ai_description": "Unrestricted file rename vulnerability allowing directory traversal and remote code execution",
    "ai_severity": "High",
    "ai_vendor": "bookcars",
    "ai_product": "bookcars",
    "ai_version": "v8.3",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply