CVE-2026-50881
Received - Intake
BaseFortify

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: impworks
Product: bonsai
Version / Range: 6.0
CWE ID: CWE-UNKNOWN
Executive Summary

CVE-2026-50881 is a privilege escalation vulnerability in impworks Bonsai version 6.0. It occurs because the system's AdminAuthHandler allows both Administrator and Editor roles to access administrative functions, but certain sensitive controllers like UsersController and DynamicConfigController do not verify that only Administrators perform these operations.

As a result, an authenticated user with Editor privileges can exploit this flaw by sending direct requests to user-management or dynamic configuration routes, thereby gaining unauthorized Administrator-level access.

This allows the Editor to execute unauthorized account, password, and configuration changes that should be restricted to Administrators.

Impact Analysis

This vulnerability can have serious impacts by allowing an attacker with Editor privileges to escalate their access to Administrator level.

  • Unauthorized modification of user accounts, including changing passwords.
  • Unauthorized changes to global system configurations.
  • Potential for persistent administrative access by the attacker, compromising the security and integrity of the system.

Detection Guidance

This vulnerability can be detected by verifying whether users with Editor privileges are able to perform administrative actions such as user management or configuration changes. Specifically, detection involves monitoring, or attempting to send, direct requests to user-management or dynamic configuration routes while logged in as an Editor.

A practical approach is to log in as an Editor and attempt to execute administrative operations via HTTP requests to endpoints related to user management or dynamic configuration. If these requests succeed, the system is vulnerable.

Example commands, using curl or a similar tool to send requests to these routes:

  • curl -X POST -b cookies.txt -d '{"username":"newadmin","password":"pass"}' https://target/bonsai/users/manage
  • curl -X POST -b cookies.txt -d '{"configKey":"value"}' https://target/bonsai/config/dynamic

Here, cookies.txt contains the session cookie of an Editor user. Successful execution of these commands indicates the vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting Editor role permissions to prevent access to administrative functions and sensitive controllers such as UsersController and DynamicConfigController.

Administrators should review and update access control checks to ensure that only users with Administrator privileges can perform user management and configuration changes.

If possible, temporarily disable or restrict access to user-management and dynamic configuration routes until a proper patch or update is applied.

Additionally, monitor logs for any unauthorized attempts by Editor users to access administrative functions.
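One way to implement the access-control fix and the log monitoring described above, written here as an added ASP.NET Core example rather than code from Bonsai itself. The class names AdminAuthHandler, UsersController and DynamicConfigController come from the advisory; the requirement types, policy names and role strings are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Requirement and policy names are assumed for illustration; nothing here is Bonsai's own code.
public sealed class AdminAreaRequirement : IAuthorizationRequirement { }
public sealed class AdministratorOnlyRequirement : IAuthorizationRequirement { }
// Pattern the advisory describes: the admin-area handler admits Editors as well as Administrators.
// The defect is that UsersController and DynamicConfigController relied on nothing stricter.
public sealed class AdminAuthHandler : AuthorizationHandler<AdminAreaRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext ctx, AdminAreaRequirement req)
    {
        if (ctx.User.IsInRole("Administrator") || ctx.User.IsInRole("Editor")) ctx.Succeed(req);
        return Task.CompletedTask;
    }
}
// Hardened: only Administrators satisfy this requirement; everyone else who reaches an
// administrator-only route is logged, which gives the monitoring step above an event to watch.
public sealed class AdministratorOnlyHandler : AuthorizationHandler<AdministratorOnlyRequirement>
{
    private readonly ILogger<AdministratorOnlyHandler> _log;
    public AdministratorOnlyHandler(ILogger<AdministratorOnlyHandler> log) => _log = log;
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext ctx, AdministratorOnlyRequirement req)
    {
        if (ctx.User.IsInRole("Administrator")) ctx.Succeed(req);
        else _log.LogWarning("{User} denied administrator-only resource {Resource}",
                             ctx.User.Identity?.Name ?? "(anonymous)", ctx.Resource);
        return Task.CompletedTask;   // without Succeed() the request is denied
    }
}
// Sensitive controllers carry the stricter policy on top of the shared one; both attributes must pass.
[Authorize(Policy = "AdminArea")]
[Authorize(Policy = "AdministratorOnly")]   // add the same attribute to DynamicConfigController
public sealed class UsersController : Controller { /* existing actions unchanged */ }

public static class AuthorizationSetup   // call from ConfigureServices / Program.cs
{
    public static void Configure(IServiceCollection services)
    {
        services.AddSingleton<IAuthorizationHandler, AdminAuthHandler>();
        services.AddSingleton<IAuthorizationHandler, AdministratorOnlyHandler>();
        services.AddAuthorization(o => {
            o.AddPolicy("AdminArea", p => p.AddRequirements(new AdminAreaRequirement()));
            o.AddPolicy("AdministratorOnly", p => p.AddRequirements(new AdministratorOnlyRequirement()));
        });
    }
}
```

Routes that only Editors legitimately need keep the AdminArea policy alone; the warning emitted by AdministratorOnlyHandler is the event to alert on when reviewing logs for Editor attempts against administrative functions.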
