PatchSiren

bookcars CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL bookcars CVE published 2026-06-09

CVE-2026-36727

CVE-2026-36727 is a critical vulnerability in the /api/social-sign-in endpoint of bookcars v8.3. It allows attackers to bypass authentication via a forged JWT and has a CVSS score of 9.1. The vulnerability was published on 2026-06-09 and modified on [cveModifiedAt].

MEDIUM bookcars CVE published 2026-06-09

CVE-2026-36726

CVE-2026-36726 is a medium-severity vulnerability in bookcars v8.3. An arbitrary file deletion flaw in the /api/delete-temp-license/{file} endpoint allows unauthenticated attackers to delete arbitrary files by supplying directory traversal sequences. The vulnerability has a CVSS score of 5.3 and was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-36726).

HIGH bookcars CVE published 2026-06-09

CVE-2026-36720

CVE-2026-36720 is a high-severity vulnerability in bookcars v8.3 that allows authenticated attackers to escalate privileges from user to admin by modifying their user type. The vulnerability has a CVSS score of 8.1 and was published on [2026-06-09](https://www.cve.org/CVERecord?id=CVE-2026-36720).