CVE-2026-56115

Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

CVSS 8.7 HIGHEPSS 0.3%CWE-862

Vexday Risk Score

41Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 8.7EPSS 0.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

23 jun 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send requests to any endpoint under the /api/users path to create new administrator accounts or reset administrator passwords, thereby gaining full control of the server and the ability to modify boot menus and installation scripts served to PXE clients.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

garybowers · bootimus

PoCs públicas encontradas — 1

cve_referencegithub.com/garybowers/bootimus/issues/84no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/garybowers/bootimus/issues/84 https://www.vulncheck.com/advisories/bootimus-broken-access-control-via-jwtmiddleware-authorization-bypass