PatchSiren cyber security CVE debrief
CVE-2026-42667 Bookly CVE debrief
CVE-2026-42667 is a HIGH severity vulnerability (CVSS Score: 7.5) affecting Bookly versions <= 27.4. This vulnerability allows unauthenticated sensitive data exposure. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- Bookly
- Product
- Unknown
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Bookly versions <= 27.4 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and is classified under CWE-201.
Defensive priority
HIGH
Recommended defensive actions
- Update Bookly to a version greater than 27.4.
- Refer to [ref-4] for mitigation or vendor reference.
Evidence notes
The vendor and product information is currently unknown, but there is evidence from Patchstack that suggests the vulnerability affects the Bookly plugin.
Official resources
-
CVE-2026-42667 CVE record
CVE.org
-
CVE-2026-42667 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42667 was published on 2026-06-15T21:16:56.513Z and last modified on 2026-06-15T21:24:32.790Z.