Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-4HWX-J6W8-9W2R

Vulnerability from github – Published: 2025-02-21 21:32 – Updated: 2025-03-03 21:30
VLAI
Details

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-21T19:15:14Z",
    "severity": "MODERATE"
  },
  "details": "A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.",
  "id": "GHSA-4hwx-j6w8-9w2r",
  "modified": "2025-03-03T21:30:56Z",
  "published": "2025-02-21T21:32:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25767"
    },
    {
      "type": "WEB",
      "url": "https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4J43-R7JH-Q4JJ

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-08-22 03:31
VLAI
Details

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-39576"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T03:15:03Z",
    "severity": "HIGH"
  },
  "details": "Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.",
  "id": "GHSA-4j43-r7jh-q4jj",
  "modified": "2024-08-22T03:31:34Z",
  "published": "2024-08-22T03:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39576"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000227010/dsa-2024-323"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4JGV-VWW9-6WQW

Vulnerability from github – Published: 2025-04-29 15:31 – Updated: 2025-04-29 15:31
VLAI
Details

A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4067"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-29T15:15:54Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-4jgv-vww9-6wqw",
  "modified": "2025-04-29T15:31:54Z",
  "published": "2025-04-29T15:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4067"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.306504"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.306504"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.559514"
    },
    {
      "type": "WEB",
      "url": "https://www.websecurityinsights.my.id/2025/04/script-and-tools-online-travling-system_71.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4JJV-8WPJ-WQFG

Vulnerability from github – Published: 2025-10-05 06:30 – Updated: 2025-10-05 06:30
VLAI
Details

A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. You should upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-05T04:15:40Z",
    "severity": "LOW"
  },
  "details": "A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. You should upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.",
  "id": "GHSA-4jjv-8wpj-wqfg",
  "modified": "2025-10-05T06:30:14Z",
  "published": "2025-10-05T06:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11281"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89#steps-to-reproduce"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.327015"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.327015"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.659695"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4JM8-CRF9-FF85

Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-08-01 15:31
VLAI
Details

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T19:15:51Z",
    "severity": "HIGH"
  },
  "details": "Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.",
  "id": "GHSA-4jm8-crf9-ff85",
  "modified": "2024-08-01T15:31:48Z",
  "published": "2024-06-13T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36587"
    },
    {
      "type": "WEB",
      "url": "https://github.com/go-compile/security-advisories/blob/master/vulns/CVE-2024-36587.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4M39-8PH2-44FQ

Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-07-11 15:30
VLAI
Details

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T21:15:13Z",
    "severity": "MODERATE"
  },
  "details": "In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device \u0026 app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
  "id": "GHSA-4m39-8ph2-44fq",
  "modified": "2024-07-11T15:30:45Z",
  "published": "2024-07-09T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31315"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/a9ee2793068235ff423d08cc0964870c054d1983"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-06-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4PM3-3999-HJ74

Vulnerability from github – Published: 2024-11-20 15:30 – Updated: 2024-11-20 15:30
VLAI
Details

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-20T14:15:18Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.",
  "id": "GHSA-4pm3-3999-hj74",
  "modified": "2024-11-20T15:30:52Z",
  "published": "2024-11-20T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9478"
    },
    {
      "type": "WEB",
      "url": "https://support.upkeeper.se/hc/en-us/articles/17007638130716-CVE-2024-9478-Improper-Privilege-Management-Process"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4PQR-V6C3-X77J

Vulnerability from github – Published: 2026-06-29 18:31 – Updated: 2026-06-29 18:31
VLAI
Details

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-29T17:16:29Z",
    "severity": "LOW"
  },
  "details": "A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.",
  "id": "GHSA-4pqr-v6c3-x77j",
  "modified": "2026-06-29T18:31:55Z",
  "published": "2026-06-29T18:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13591"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DeepMyst/Mysti/issues/42"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DeepMyst/Mysti/pull/43"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DeepMyst/Mysti/commit/9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DeepMyst/Mysti"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-13591"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/844480"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/374594"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/374594/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4QQH-789F-3W2H

Vulnerability from github – Published: 2024-06-28 18:31 – Updated: 2024-06-28 18:31
VLAI
Details

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-28T18:15:03Z",
    "severity": "HIGH"
  },
  "details": "IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment.  IBM X-Force ID:  289894.",
  "id": "GHSA-4qqh-789f-3w2h",
  "modified": "2024-06-28T18:31:42Z",
  "published": "2024-06-28T18:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31912"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289894"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7158072"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4QXW-JJP5-4RVW

Vulnerability from github – Published: 2026-03-28 00:31 – Updated: 2026-03-28 00:31
VLAI
Details

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-27T22:16:23Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-4qxw-jjp5-4rvw",
  "modified": "2026-03-28T00:31:16Z",
  "published": "2026-03-28T00:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4990"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.353877"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.353877"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.772515"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.