File Path Injection Vulnerability in LibreBooking's Email Template Editor
CVE-2026-61343
8.6HIGH
What is CVE-2026-61343?
A vulnerability in the email template editor of LibreBooking allows an attacker with admin credentials to manipulate the file path of saved templates. This flaw enables the remote execution of arbitrary code outside the specified template directory. Vulnerable versions of LibreBooking prior to 5.1.0 are affected. A fix has been implemented in version 5.1.0, which mitigates this risk. It is important for administrators to update to the latest version to protect against potential exploits.
Affected Version(s)
LibreBooking 0 < 5.1.0
LibreBooking 5.1.0
