CVE Catalog

CVE-2026-56115

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A broken access control vulnerability in Bootimus through version 0.1.70 allows authenticated low-privileged users to perform administrative actions due to missing role enforcement in the JWTMiddleware function in internal/auth/auth.go. Attackers can create new administrator accounts or reset administrator passwords, gaining full control over the server and the ability to modify boot menus and installation scripts served to PXE clients.

Risk Assessment

The risk for the organization includes full compromise of the PXE server, potentially leading to distribution of malicious system images and compromise of IT infrastructure integrity.

Recommendation

Immediately update Bootimus to a version newer than 0.1.70 or apply a patch that fixes the missing privilege check in JWTMiddleware. Until then, restrict API access to trusted networks only.

Original NVD description (English source)

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS