CVE-2026-56115 | P2 | HIGH | CVSS 8.8 | ≤ 0.1.70 | 2026-06-23
CVE-2026-56115 [HIGH] CWE-862
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but fails to inspect the is_admin flag. Attackers can send r
nvd