CVE-2026-50881
Deferred Deferred - Pending Action

Incorrect Access Control in impworks Bonsai v6.0 Allows Privilege Escalation

Vulnerability report for CVE-2026-50881, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
impworks bonsai 6.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50881 is a privilege escalation vulnerability in impworks Bonsai version 6.0. It occurs because the system's AdminAuthHandler allows both Administrator and Editor roles to access administrative functions, but certain sensitive controllers like UsersController and DynamicConfigController do not verify that only Administrators perform these operations.

As a result, an authenticated user with Editor privileges can exploit this flaw by sending direct requests to user-management or dynamic configuration routes, thereby gaining unauthorized Administrator-level access.

This allows the Editor to execute unauthorized account, password, and configuration changes that should be restricted to Administrators.

Impact Analysis

This vulnerability can have serious impacts by allowing an attacker with Editor privileges to escalate their access to Administrator level.

  • Unauthorized modification of user accounts, including changing passwords.
  • Unauthorized changes to global system configurations.
  • Potential for persistent administrative access by the attacker, compromising the security and integrity of the system.
Detection Guidance

This vulnerability can be detected by verifying if users with Editor privileges are able to perform administrative actions such as user management or configuration changes. Specifically, detection involves monitoring or attempting to send direct requests to user-management or dynamic configuration routes while logged in as an Editor.

A practical approach is to log in as an Editor and attempt to execute administrative operations via HTTP requests to endpoints related to user management or dynamic configuration. If these requests succeed, the system is vulnerable.

Example commands could include using curl or similar tools to send requests to these routes, for instance:

  • curl -X POST -b cookies.txt -d '{"username":"newadmin","password":"pass"}' https://target/bonsai/users/manage
  • curl -X POST -b cookies.txt -d '{"configKey":"value"}' https://target/bonsai/config/dynamic

Here, cookies.txt contains the session cookie of an Editor user. Successful execution of these commands indicates the vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting Editor role permissions to prevent access to administrative functions and sensitive controllers such as UsersController and DynamicConfigController.

Administrators should review and update access control checks to ensure that only users with Administrator privileges can perform user management and configuration changes.

If possible, temporarily disable or restrict access to user-management and dynamic configuration routes until a proper patch or update is applied.

Additionally, monitor logs for any unauthorized attempts by Editor users to access administrative functions.

Compliance Impact

CVE-2026-50881 allows an authenticated user with Editor privileges to escalate to Administrator privileges and perform unauthorized account, password, and configuration changes. This unauthorized access and modification capability can lead to violations of data protection and privacy requirements mandated by standards such as GDPR and HIPAA.

Specifically, the ability to modify user accounts and configurations without proper authorization undermines access control mechanisms, potentially exposing sensitive personal or health information to unauthorized users. This can result in non-compliance with regulations that require strict access controls, auditability, and protection of sensitive data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50881. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart