PatchSiren cyber security CVE debrief
CVE-2026-36720 bookcars CVE debrief
CVE-2026-36720 is a high-severity vulnerability in bookcars v8.3 that allows authenticated attackers to escalate privileges from user to admin by modifying their user type. The vulnerability has a CVSS score of 8.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-36720).
- Vendor
- bookcars
- Product
- bookcars
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of bookcars v8.3 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by insecure permissions in bookcars v8.3, which allows authenticated attackers to escalate privileges from user to admin by modifying their user type. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Defensive priority
HIGH
Recommended defensive actions
- Update bookcars to the latest version
- Restrict user type modification to authorized administrators
- Monitor user activity and privilege escalation attempts
Evidence notes
The vulnerability was reported by an unknown source and is listed in the NVD database. [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-36720) The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-36720). Additional information can be found at [ref-4](https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-3).
Official resources
-
CVE-2026-36720 CVE record
CVE.org
-
CVE-2026-36720 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-36720 was published on 2026-06-09T19:17:42.380Z and modified on 2026-06-09T22:16:24.897Z.