A vulnerability was found in bookcars 8.3 . It has been declared as critical . This issue affects some unknown processing of the file /api/social-sign-in . Such manipulation leads to improper authentication. This vulnerability is documented as CVE-2026-36727 . The attack can be executed remotely. There is not any exploit available.