PT-2026-56903 · Librebooking · Librebooking

Noah Magill

·

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-61343

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.

Fix

Relative Path Traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61343

Affected Products

Librebooking