PatchSiren cyber security CVE debrief
CVE-2026-36727 bookcars CVE debrief
CVE-2026-36727 is a critical vulnerability in the /api/social-sign-in endpoint of bookcars v8.3. The vulnerability allows attackers to bypass authentication via a forged JWT token, with a CVSS score of 9.1. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- bookcars
- Product
- v8.3
- CVSS
- CRITICAL 9.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of bookcars v8.3 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by an insecure authentication mechanism in the /api/social-sign-in endpoint of bookcars v8.3. This allows attackers to bypass authentication by forging a JWT token.
Defensive priority
High
Recommended defensive actions
- Update to a patched version of bookcars
- Implement additional authentication mechanisms to prevent JWT token forgery
Evidence notes
The vulnerability was reported via [resourceLinkAnnotations ref-4].
Official resources
-
CVE-2026-36727 CVE record
CVE.org
-
CVE-2026-36727 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-36727 was published on 2026-06-09T19:17:43.207Z and modified on 2026-06-10T19:16:34.510Z.