CVE-2026-36727
Published 2026-06-09
CVE-2026-36727: An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
Priority P264 · critical · 9.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.36% (28.3th percentile)
GHSA
ghsa_unreviewed·2026-06-09
CVE-2026-36727 [CRITICAL] CWE-287 An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
VulDB
bookcars 8.3 /api/social-sign-in improper authentication
vuldb·2026-06-09·CVSS 9.1
CVE-2026-36727 [CRITICAL] bookcars 8.3 /api/social-sign-in improper authentication
A vulnerability was found in bookcars 8.3. It has been declared as critical. This issue affects some unknown processing of the file /api/social-sign-in. Such manipulation leads to improper authentication.
This vulnerability is documented as CVE-2026-36727. The attack can be executed remotely. No exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-09