CVE-2026-56115

Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

CVSS 8.7 HIGHEPSS 0.3%CWE-862

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.7EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

23 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

garybowers · bootimus

public PoCs found — 1

cve_referencegithub.com/garybowers/bootimus/issues/84unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/garybowers/bootimus/issues/84 https://www.vulncheck.com/advisories/bootimus-broken-access-control-via-jwtmiddleware-authorization-bypass