CVE-2026-50881

HIGH

impworks Bonsai 6.0 - Authenticated Privilege Escalation to Administrator

Title source: llm

Description

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

References (1)

Core 1

Core References

https://gist.github.com/pyuysig/68754e4c40161ea27fcf80be46c59e7c

Scores

CVSS v3 8.1

EPSS 0.0025

EPSS Percentile 15.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Published Jun 15, 2026

Tracked Since Jun 16, 2026