CVE-2026-50881: Incorrect access control in the impworks Bonsai v6
Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
Incorrect access control in impworks Bonsai v6.0 allows an authenticated attacker with Editor-level privileges to escalate to Administrator and make unauthorized account, password, and configuration changes. The vulnerability is reachable over the network and requires no interaction from any other user or admin. No fix version has been published; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as an upstream fix is released.
HarborGuard Coverage
Detection of CVE-2026-50881 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against images in customer registries, CI/CD pipelines, and custom-built images. Any image containing an affected version of impworks Bonsai v6.0 is flagged automatically.
AvailableHarborGuard is capable of scoring this CVE at CVSS 8.1 (High) and weighting it against each environment's compliance policy to determine urgency and routing. Findings are routed to the appropriate team inbox within the customer organization based on configured escalation rules.
AvailableNo fix version has been published by the upstream maintainer for impworks Bonsai v6.0. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is published; for customers with auto-remediation enabled, that rebuild will be followed by a regression run and a PR opened against affected workloads.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The attacker must reach the Bonsai service over the network; there is no requirement for local or physical access.
- AuthenticationRequired
Any account holding Editor privileges is sufficient to attempt the escalation; a higher-privileged or admin credential is not needed to begin the attack.
- Victim interactionNot required
No other user or administrator needs to take any action for exploitation to succeed.
- Attack complexityDetail
The exploit is reliable and condition-free; no race conditions, special memory layout, or environmental factors must be satisfied.
Blast Radius
- A successful attacker elevates their own account from Editor to Administrator within the application.
- With Administrator access, the attacker reads and modifies stored account credentials and user records.
- The attacker can change application configuration, potentially redirecting behavior or embedding backdoor settings.
- Password changes for other accounts lock out legitimate administrators and users from the application.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-50881 is active across customer environments, matching any image that includes impworks Bonsai v6.0. Because no upstream fix exists yet, HarborGuard monitors the advisory on every ingest cycle. In the interim, compensating controls worth considering include network-policy isolation to restrict which identities can reach the Bonsai service, egress filtering to limit what an escalated account can touch downstream, and reviewing Editor-role assignments to reduce the population of accounts that could trigger the escalation. The moment an upstream patch is published, HarborGuard will make a patched-image rebuild available; for customers with auto-remediation enabled, that rebuild is followed by an automated regression run and a PR opened against affected workloads without manual intervention.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N