CVE Catalog

CVE-2026-50881

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

The impworks Bonsai v6.0 has an incorrect access control issue that allows authenticated attackers with Editor privileges to escalate their privileges to Administrator and make unauthorized changes to accounts, passwords, and configurations.

Risk Assessment

The organization may be exposed to unauthorized changes in the system, potentially leading to data loss or security breaches.

Recommendation

It is recommended to update to the latest version of the software and review and strengthen access control policies.

Original NVD description (English source)

Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS