CVE-2026-36721
9.8 CRITICALA lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentica...
Published: 2026-06-09 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-347
Description
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-42462 — Fedify is a TypeScript library for building federated server apps powered by ActivityPub (7.0 HIGH)
- CVE-2026-52754 — Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a ... (8.8 HIGH)
- CVE-2026-41694 — Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a val... (3.7 LOW)
- CVE-2026-44748 — SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed ... (9.9 CRITICAL)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)