CVE-2026-61343
LibreBooking path traversal
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 8.6EPSS 0.8%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
09 Jul 2026Published on NVD
09 Jul 2026Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
LibreBooking · LibreBookingpublic PoCs found — 1
githubgithub.com/nmagill123/CVE-2026-61343-poc-librebooking-rce★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/LibreBooking/librebooking/commit/cb9b7ad9da0243bd105809f6a4a8a6b9147c71eahttps://github.com/LibreBooking/librebooking/pull/1456https://github.com/LibreBooking/librebooking/releases/tag/v5.1.0https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-190-01.jsonhttps://www.cve.org/CVERecord?id=CVE-2026-61343