CVE-2026-50881
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The impworks Bonsai v6.0 has an incorrect access control issue that allows authenticated attackers with Editor privileges to escalate their privileges to Administrator and make unauthorized changes to accounts, passwords, and configurations.
Risk Assessment
The organization may be exposed to unauthorized changes in the system, potentially leading to data loss or security breaches.
Recommendation
It is recommended to update to the latest version of the software and review and strengthen access control policies.
Original NVD description (English source)
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

