CVE-2026-61343 in LibreBookinginfo

Summary

by MITRE • 07/09/2026

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability exists within LibreBooking's email template management system where the application fails to properly validate or sanitize user input during the template saving process. The flaw occurs when administrators submit email template names through the web interface, as the system directly incorporates these unvalidated inputs into file system paths without proper sanitization or path validation mechanisms. This represents a classic path traversal vulnerability that allows attackers to manipulate file system operations by crafting malicious template names containing directory traversal sequences such as ../ or ..\.

The technical implementation of this vulnerability stems from improper input validation and inadequate file system access controls within the application's template handling logic. When an administrator saves a template, the system constructs a file path using the submitted template name without filtering out potentially dangerous characters or sequences that could alter the intended directory structure. This creates a condition where an attacker can specify a template name that results in writing files to arbitrary locations outside of the designated template directory, effectively bypassing the application's intended security boundaries.

The operational impact of this vulnerability is severe as it enables remote code execution capabilities for authenticated attackers with administrative privileges. Once an attacker successfully exploits this flaw, they can write malicious files to critical system directories and potentially execute arbitrary code within the context of the web server process. This could lead to complete system compromise, data exfiltration, and persistent backdoor access. The vulnerability essentially provides a pathway for privilege escalation from administrative access to full system control, making it particularly dangerous in environments where administrative accounts are compromised or where attackers can obtain legitimate administrative credentials through other means.

This vulnerability aligns with CWE-22 Path Traversal and CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component, representing a failure to properly validate input before using it in file system operations. The attack pattern follows ATT&CK technique T1059 Command and Scripting Interpreter, specifically focusing on the execution of arbitrary code through malicious file placement, and T1566 Impersonation which relates to the exploitation of administrative privileges. Organizations should implement proper input validation by sanitizing all user-supplied template names, implementing strict path validation that ensures template files are written only within designated directories, and applying the principle of least privilege to limit the web server's file system access permissions. The fix in version 5.1.0 demonstrates the importance of proper input sanitization and secure file handling practices in preventing such critical vulnerabilities from being exploited in real-world scenarios.

Responsible

Cisa-cg

Reservation

07/08/2026

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!