CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-4HWX-J6W8-9W2R
Vulnerability from github – Published: 2025-02-21 21:32 – Updated: 2025-03-03 21:30A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.
{
"affected": [],
"aliases": [
"CVE-2025-25767"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-21T19:15:14Z",
"severity": "MODERATE"
},
"details": "A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.",
"id": "GHSA-4hwx-j6w8-9w2r",
"modified": "2025-03-03T21:30:56Z",
"published": "2025-02-21T21:32:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25767"
},
{
"type": "WEB",
"url": "https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4J43-R7JH-Q4JJ
Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-08-22 03:31Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
{
"affected": [],
"aliases": [
"CVE-2024-39576"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-22T03:15:03Z",
"severity": "HIGH"
},
"details": "Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.",
"id": "GHSA-4j43-r7jh-q4jj",
"modified": "2024-08-22T03:31:34Z",
"published": "2024-08-22T03:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39576"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000227010/dsa-2024-323"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4JGV-VWW9-6WQW
Vulnerability from github – Published: 2025-04-29 15:31 – Updated: 2025-04-29 15:31A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-4067"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-29T15:15:54Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-4jgv-vww9-6wqw",
"modified": "2025-04-29T15:31:54Z",
"published": "2025-04-29T15:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4067"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.306504"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.306504"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.559514"
},
{
"type": "WEB",
"url": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_71.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4JJV-8WPJ-WQFG
Vulnerability from github – Published: 2025-10-05 06:30 – Updated: 2025-10-05 06:30A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. You should upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
{
"affected": [],
"aliases": [
"CVE-2025-11281"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-05T04:15:40Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. You should upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.",
"id": "GHSA-4jjv-8wpj-wqfg",
"modified": "2025-10-05T06:30:14Z",
"published": "2025-10-05T06:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11281"
},
{
"type": "WEB",
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89"
},
{
"type": "WEB",
"url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.327015"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.327015"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.659695"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4JM8-CRF9-FF85
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-08-01 15:31Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.
{
"affected": [],
"aliases": [
"CVE-2024-36587"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T19:15:51Z",
"severity": "HIGH"
},
"details": "Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.",
"id": "GHSA-4jm8-crf9-ff85",
"modified": "2024-08-01T15:31:48Z",
"published": "2024-06-13T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36587"
},
{
"type": "WEB",
"url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4M39-8PH2-44FQ
Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-11 15:30In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-31315"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T21:15:13Z",
"severity": "MODERATE"
},
"details": "In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device \u0026 app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-4m39-8ph2-44fq",
"modified": "2024-07-11T15:30:45Z",
"published": "2024-07-09T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31315"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/a9ee2793068235ff423d08cc0964870c054d1983"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-4PM3-3999-HJ74
Vulnerability from github – Published: 2024-11-20 15:30 – Updated: 2024-11-20 15:30Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
{
"affected": [],
"aliases": [
"CVE-2024-9478"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-20T14:15:18Z",
"severity": "CRITICAL"
},
"details": "Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.",
"id": "GHSA-4pm3-3999-hj74",
"modified": "2024-11-20T15:30:52Z",
"published": "2024-11-20T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9478"
},
{
"type": "WEB",
"url": "https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4PQR-V6C3-X77J
Vulnerability from github – Published: 2026-06-29 18:31 – Updated: 2026-06-29 18:31A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.
{
"affected": [],
"aliases": [
"CVE-2026-13591"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-29T17:16:29Z",
"severity": "LOW"
},
"details": "A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.",
"id": "GHSA-4pqr-v6c3-x77j",
"modified": "2026-06-29T18:31:55Z",
"published": "2026-06-29T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13591"
},
{
"type": "WEB",
"url": "https://github.com/DeepMyst/Mysti/issues/42"
},
{
"type": "WEB",
"url": "https://github.com/DeepMyst/Mysti/pull/43"
},
{
"type": "WEB",
"url": "https://github.com/DeepMyst/Mysti/commit/9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48"
},
{
"type": "WEB",
"url": "https://github.com/DeepMyst/Mysti"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-13591"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/844480"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/374594"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/374594/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4QQH-789F-3W2H
Vulnerability from github – Published: 2024-06-28 18:31 – Updated: 2024-06-28 18:31IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.
{
"affected": [],
"aliases": [
"CVE-2024-31912"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-28T18:15:03Z",
"severity": "HIGH"
},
"details": "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.",
"id": "GHSA-4qqh-789f-3w2h",
"modified": "2024-06-28T18:31:42Z",
"published": "2024-06-28T18:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31912"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7158072"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QXW-JJP5-4RVW
Vulnerability from github – Published: 2026-03-28 00:31 – Updated: 2026-03-28 00:31A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-4990"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T22:16:23Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-4qxw-jjp5-4rvw",
"modified": "2026-03-28T00:31:16Z",
"published": "2026-03-28T00:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4990"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.353877"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.353877"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.772515"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.