CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-596J-X8QJ-W8QX
Vulnerability from github – Published: 2026-05-02 06:30 – Updated: 2026-05-02 06:30A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.
{
"affected": [],
"aliases": [
"CVE-2026-7602"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-02T04:16:23Z",
"severity": "LOW"
},
"details": "A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be performed from remote. The exploit has been made public and could be used. You should upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.",
"id": "GHSA-596j-x8qj-w8qx",
"modified": "2026-05-02T06:30:23Z",
"published": "2026-05-02T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7602"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9552"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9552#issuecomment-4251391314"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/805706"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360559"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360559/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-59PV-C2QW-V2JR
Vulnerability from github – Published: 2025-09-11 06:30 – Updated: 2025-09-11 06:30A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10247"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T06:15:36Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in JEPaaS 7.2.8. This vulnerability affects the function doFilterInternal of the component Filter Handler. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-59pv-c2qw-v2jr",
"modified": "2025-09-11T06:30:23Z",
"published": "2025-09-11T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10247"
},
{
"type": "WEB",
"url": "https://github.com/c3p0ooo-Yiqiyin/JEPaaS-Access-control-bypass-vulnerability/blob/main/README.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323547"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323547"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.642413"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-59V6-C2FG-G227
Vulnerability from github – Published: 2026-07-13 12:35 – Updated: 2026-07-13 12:35Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through < 2.9.1.
{
"affected": [],
"aliases": [
"CVE-2026-57386"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T10:16:31Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through \u003c 2.9.1.",
"id": "GHSA-59v6-c2fg-g227",
"modified": "2026-07-13T12:35:02Z",
"published": "2026-07-13T12:35:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57386"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/ablocks/vulnerability/wordpress-ablocks-plugin-2-9-1-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59W9-4RGJ-869H
Vulnerability from github – Published: 2026-02-16 12:30 – Updated: 2026-02-16 12:30A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2549"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T10:16:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in zhanghuanhao LibrarySystem \u56fe\u4e66\u9986\u7ba1\u7406\u7cfb\u7edf up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-59w9-4rgj-869h",
"modified": "2026-02-16T12:30:25Z",
"published": "2026-02-16T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2549"
},
{
"type": "WEB",
"url": "https://github.com/zhanghuanhao/LibrarySystem/issues/32"
},
{
"type": "WEB",
"url": "https://github.com/zhanghuanhao/LibrarySystem/issues/32#issue-3879640487"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346158"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346158"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.749873"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5C6R-8224-RMWH
Vulnerability from github – Published: 2025-08-11 09:30 – Updated: 2025-08-11 09:30A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8839"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-11T09:15:30Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-5c6r-8224-rmwh",
"modified": "2025-08-11T09:30:37Z",
"published": "2025-08-11T09:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8839"
},
{
"type": "WEB",
"url": "https://github.com/jishenghua/jshERP/issues/125"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319373"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319373"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.622569"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5C84-42GQ-X4PJ
Vulnerability from github – Published: 2024-10-17 18:31 – Updated: 2026-04-01 18:32Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3.
{
"affected": [],
"aliases": [
"CVE-2024-49219"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-17T18:15:09Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3.",
"id": "GHSA-5c84-42gq-x4pj",
"modified": "2026-04-01T18:32:02Z",
"published": "2024-10-17T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49219"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/rs-members/vulnerability/wordpress-rs-members-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/rs-members/wordpress-rs-members-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CP9-2C98-7CQM
Vulnerability from github – Published: 2025-09-12 06:30 – Updated: 2025-09-12 06:30A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10291"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-12T06:15:41Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-5cp9-2c98-7cqm",
"modified": "2025-09-12T06:30:26Z",
"published": "2025-09-12T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10291"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323717"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323717"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.643390"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063376"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5F8C-X4PH-C49P
Vulnerability from github – Published: 2025-02-12 06:30 – Updated: 2025-02-12 06:30The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.
{
"affected": [],
"aliases": [
"CVE-2024-13421"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T05:15:11Z",
"severity": "CRITICAL"
},
"details": "The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.",
"id": "GHSA-5f8c-x4ph-c49p",
"modified": "2025-02-12T06:30:32Z",
"published": "2025-02-12T06:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13421"
},
{
"type": "WEB",
"url": "https://contempothemes.com/changelog"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5FHG-X5MC-6H7M
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-28 18:30Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01.
{
"affected": [],
"aliases": [
"CVE-2025-68869"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:12Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through \u003c= 1.4.01.",
"id": "GHSA-5fhg-x5mc-6h7m",
"modified": "2026-01-28T18:30:44Z",
"published": "2026-01-22T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68869"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/lazytasks-project-task-management/vulnerability/wordpress-lazytasks-plugin-1-2-37-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5GJC-GRVM-M88J
Vulnerability from github – Published: 2026-04-17 21:53 – Updated: 2026-05-05 12:00Summary
Memory dreaming config persistence was reachable from operator.write commands.
Affected Packages / Versions
- Package:
openclaw - Ecosystem: npm
- Affected versions:
>= 2026.4.5 < 2026.4.10 - Patched versions:
>= 2026.4.10
Impact
A write-scoped gateway path could toggle persistent memory dreaming settings through /dreaming, crossing into an admin-class configuration mutation.
Technical Details
The fix requires admin scope for persistent dreaming gateway toggles.
Fix
The issue was fixed in #63872. The first stable tag containing the fix is v2026.4.10, and openclaw@2026.4.14 includes the fix.
Fix Commit(s)
6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310- PR: #63872
Release Process Note
Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Credits
Thanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "2026.4.5"
},
{
"fixed": "2026.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43568"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T21:53:17Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nMemory dreaming config persistence was reachable from operator.write commands.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003e= 2026.4.5 \u003c 2026.4.10`\n- Patched versions: `\u003e= 2026.4.10`\n\n## Impact\n\nA write-scoped gateway path could toggle persistent memory dreaming settings through `/dreaming`, crossing into an admin-class configuration mutation.\n\n## Technical Details\n\nThe fix requires admin scope for persistent dreaming gateway toggles.\n\n## Fix\n\nThe issue was fixed in #63872. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310`\n- PR: #63872\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
"id": "GHSA-5gjc-grvm-m88j",
"modified": "2026-05-05T12:00:11Z",
"published": "2026-04-17T21:53:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5gjc-grvm-m88j"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/pull/63872"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/6af17b39e11f5f35e23b7e5a5f71a7d0aa3c7310"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Memory dreaming config persistence was reachable from operator.write commands"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.