Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-5H3M-5GHJ-MXMP

Vulnerability from github – Published: 2024-01-13 00:30 – Updated: 2024-09-20 15:30
VLAI
Details

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49647"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T22:15:45Z",
    "severity": "HIGH"
  },
  "details": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.",
  "id": "GHSA-5h3m-5ghj-mxmp",
  "modified": "2024-09-20T15:30:35Z",
  "published": "2024-01-13T00:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49647"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5H4V-6XC7-J5F8

Vulnerability from github – Published: 2025-11-16 12:30 – Updated: 2025-11-16 12:30
VLAI
Details

A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-16T12:15:44Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.",
  "id": "GHSA-5h4v-6xc7-j5f8",
  "modified": "2025-11-16T12:30:24Z",
  "published": "2025-11-16T12:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13250"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.332584"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.332584"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.687604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5H9Q-GWHQ-M4WV

Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31
VLAI
Details

A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-08T17:16:40Z",
    "severity": "LOW"
  },
  "details": "A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-5h9q-gwhq-m4wv",
  "modified": "2026-06-08T18:31:51Z",
  "published": "2026-06-08T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11533"
    },
    {
      "type": "WEB",
      "url": "https://github.com/imvks786/student_management_system/issues/4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/imvks786/student_management_system"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-11533"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/836636"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/369150"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/369150/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5HV6-P93J-6MJG

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20110"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T16:16:14Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations.",
  "id": "GHSA-5hv6-p93j-6mjg",
  "modified": "2026-03-25T18:31:47Z",
  "published": "2026-03-25T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20110"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mntc-dos-LZweQcyq"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5J7W-XMV3-FHP4

Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-26 15:32
VLAI
Details

Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56028"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T15:16:42Z",
    "severity": "CRITICAL"
  },
  "details": "Unauthenticated Privilege Escalation in Easy Elements for Elementor \u0026#8211; Addons \u0026amp; Website Templates \u003c= 1.4.9 versions.",
  "id": "GHSA-5j7w-xmv3-fhp4",
  "modified": "2026-06-26T15:32:16Z",
  "published": "2026-06-26T15:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56028"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/easy-elements/vulnerability/wordpress-easy-elements-for-elementor-addons-website-templates-plugin-1-4-9-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5M2G-4CF6-C3RG

Vulnerability from github – Published: 2026-02-22 00:31 – Updated: 2026-02-26 15:31
VLAI
Summary
funadmin has Incorrect Privilege Assignment in its Configuration Handler
Details

A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "funadmin/funadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "7.1.0-rc4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-2896"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-26T15:31:55Z",
    "nvd_published_at": "2026-02-22T00:15:59Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-5m2g-4cf6-c3rg",
  "modified": "2026-02-26T15:31:55Z",
  "published": "2026-02-22T00:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2896"
    },
    {
      "type": "WEB",
      "url": "https://github.com/I4m6da/CVE/issues/3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/funadmin/funadmin"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.347207"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.347207"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.753972"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "funadmin has Incorrect Privilege Assignment in its Configuration Handler"
}

GHSA-5P3H-545H-3HHQ

Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-15 09:30
VLAI
Details

A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T14:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-5p3h-545h-3hhq",
  "modified": "2025-11-15T09:30:25Z",
  "published": "2025-11-13T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Hwwg/cve/issues/6"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.332320"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.332320"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.683222"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.686528"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5PFH-RW2M-9J53

Vulnerability from github – Published: 2025-12-03 18:30 – Updated: 2025-12-05 21:30
VLAI
Details

The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65842"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-03T17:15:54Z",
    "severity": "MODERATE"
  },
  "details": "The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client\u0027s identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.",
  "id": "GHSA-5pfh-rw2m-9j53",
  "modified": "2025-12-05T21:30:22Z",
  "published": "2025-12-03T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65842"
    },
    {
      "type": "WEB",
      "url": "https://almightysec.com/helpertool-xpc-service-local-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QJR-2XXV-P9M9

Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-04-21 21:31
VLAI
Details

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-33518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T21:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.",
  "id": "GHSA-5qjr-2xxv-p9m9",
  "modified": "2026-04-21T21:31:25Z",
  "published": "2026-04-21T21:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33518"
    },
    {
      "type": "WEB",
      "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/april2026_security_bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VMX-5G6G-MCFC

Vulnerability from github – Published: 2026-01-26 03:30 – Updated: 2026-01-26 03:30
VLAI
Details

A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1411"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-26T01:15:49Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-5vmx-5g6g-mcfc",
  "modified": "2026-01-26T03:30:33Z",
  "published": "2026-01-26T03:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1411"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/raghav20232023/ea6adcd6d1eca35683570a1094164bd3"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.342800"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.342800"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.740674"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.