File Path Injection Vulnerability in LibreBooking's Email Template Editor
CVE-2026-61343

8.6HIGH

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2026-61343?

A vulnerability in the email template editor of LibreBooking allows an attacker with admin credentials to manipulate the file path of saved templates. This flaw enables the remote execution of arbitrary code outside the specified template directory. Vulnerable versions of LibreBooking prior to 5.1.0 are affected. A fix has been implemented in version 5.1.0, which mitigates this risk. It is important for administrators to update to the latest version to protect against potential exploits.

Affected Version(s)

LibreBooking 0 < 5.1.0

LibreBooking 5.1.0

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Noah Magill
.