Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-61343— LibreBooking path traversal

CVSS 7.2 · High EPSS 0.84% · P54

Affected Version Matrix 2

VendorProductVersion RangeStatus
LibreBookingLibreBooking< 5.1.0affected
5.1.0unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-61343

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
LibreBooking path traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
LibreBooking 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LibreBooking LibreBooking是LibreBooking组织的一款在线预约调度软件。 LibreBooking 5.1.0之前版本存在路径遍历漏洞,该漏洞源于电子邮件模板编辑器保存操作将提交的模板名称直接传递到目标文件路径,允许具有管理员凭据的远程攻击者在模板目录之外写入任意文件并执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LibreBookingLibreBooking 0 ~ 5.1.0 -

II. Public POCs for CVE-2026-61343

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8855 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-61343

登录查看更多情报信息。

Patches & Fixes for CVE-2026-61343 (2)

Vendor Advisories for CVE-2026-61343 (1)

Vendor Pages for CVE-2026-61343 (1)

Other References for CVE-2026-61343 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-61343

No comments yet


Leave a comment