CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-7HJG-42GH-8J3V
Vulnerability from github – Published: 2026-01-14 09:31 – Updated: 2026-04-23 18:32Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.
{
"affected": [],
"aliases": [
"CVE-2026-23550"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T09:16:02Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.",
"id": "GHSA-7hjg-42gh-8j3v",
"modified": "2026-04-23T18:32:23Z",
"published": "2026-01-14T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23550"
},
{
"type": "WEB",
"url": "https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0"
},
{
"type": "WEB",
"url": "https://patchstack.com/articles/critical-privilege-escalation-vulnerability-in-modular-ds-plugin-affecting-40k-sites-exploited-in-the-wild"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-monitor-update-and-backup-multiple-websites-plugin-2-5-1-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7HJQ-WMFX-V2H8
Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-09-19 21:31StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Successful exploit could allow an unauthorized authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades.
{
"affected": [],
"aliases": [
"CVE-2025-26517"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-19T19:15:38Z",
"severity": "MODERATE"
},
"details": "StorageGRID (formerly \nStorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are \nsusceptible to a privilege escalation vulnerability. Successful exploit \ncould allow an unauthorized authenticated attacker to discover Grid node\n names and IP addresses or modify Storage Grades.",
"id": "GHSA-7hjq-wmfx-v2h8",
"modified": "2025-09-19T21:31:17Z",
"published": "2025-09-19T21:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26517"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/NTAP-20250910-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7JG4-8PC3-8QW9
Vulnerability from github – Published: 2025-12-18 09:30 – Updated: 2026-01-20 15:32Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2.
{
"affected": [],
"aliases": [
"CVE-2025-49379"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T08:15:51Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through \u003c= 1.2.",
"id": "GHSA-7jg4-8pc3-8qw9",
"modified": "2026-01-20T15:32:18Z",
"published": "2025-12-18T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49379"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/custom-fields-account-registration-for-woocommerce/vulnerability/wordpress-custom-fields-account-registration-for-woocommerce-plugin-1-2-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/custom-fields-account-registration-for-woocommerce/vulnerability/wordpress-custom-fields-account-registration-for-woocommerce-plugin-1-2-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JP6-R74R-995Q
Vulnerability from github – Published: 2026-04-17 22:15 – Updated: 2026-05-08 01:32Summary
Matrix profile config persistence was reachable from operator.write message tools.
Affected Packages / Versions
- Package:
openclaw - Ecosystem: npm
- Affected versions:
< 2026.4.10 - Patched versions:
>= 2026.4.10
Impact
Gateway operator.write message-tool paths could reach Matrix profile persistence that should have required admin-level authority.
Technical Details
The fix gates Matrix profile updates for non-owner message-tool runs and prevents write-scoped callers from mutating persistent profile config.
Fix
The issue was fixed in #62662. The first stable tag containing the fix is v2026.4.10, and openclaw@2026.4.14 includes the fix.
Fix Commit(s)
fe0f686c9228fffcec6de4011da45e69a6e23e54- PR: #62662
Release Process Note
Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Credits
Thanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42433"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-862",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T22:15:27Z",
"nvd_published_at": "2026-05-05T12:16:17Z",
"severity": "HIGH"
},
"details": "## Summary\n\nMatrix profile config persistence was reachable from operator.write message tools.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.10`\n- Patched versions: `\u003e= 2026.4.10`\n\n## Impact\n\nGateway `operator.write` message-tool paths could reach Matrix profile persistence that should have required admin-level authority.\n\n## Technical Details\n\nThe fix gates Matrix profile updates for non-owner message-tool runs and prevents write-scoped callers from mutating persistent profile config.\n\n## Fix\n\nThe issue was fixed in #62662. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `fe0f686c9228fffcec6de4011da45e69a6e23e54`\n- PR: #62662\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
"id": "GHSA-7jp6-r74r-995q",
"modified": "2026-05-08T01:32:22Z",
"published": "2026-04-17T22:15:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7jp6-r74r-995q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42433"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/pull/62662"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/fe0f686c9228fffcec6de4011da45e69a6e23e54"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-unauthorized-matrix-profile-config-persistence-access-via-operator-write-message-tools"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Matrix profile config persistence was reachable from operator.write message tools"
}
GHSA-7JWR-6F8F-4CXP
Vulnerability from github – Published: 2025-10-15 18:31 – Updated: 2025-10-15 18:31Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities
{
"affected": [],
"aliases": [
"CVE-2025-10577"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-15T17:15:48Z",
"severity": "HIGH"
},
"details": "Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities",
"id": "GHSA-7jwr-6f8f-4cxp",
"modified": "2025-10-15T18:31:51Z",
"published": "2025-10-15T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10577"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_13092608-13092602-16/hpsbhf04051"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7M5M-789W-R328
Vulnerability from github – Published: 2025-05-31 18:30 – Updated: 2025-05-31 18:30A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
{
"affected": [],
"aliases": [
"CVE-2025-5387"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-31T18:15:20Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.",
"id": "GHSA-7m5m-789w-r328",
"modified": "2025-05-31T18:30:33Z",
"published": "2025-05-31T18:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5387"
},
{
"type": "WEB",
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310680"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310680"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-7MCR-XX2R-QF84
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
{
"affected": [],
"aliases": [
"CVE-2026-20804"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:06Z",
"severity": "HIGH"
},
"details": "Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.",
"id": "GHSA-7mcr-xx2r-qf84",
"modified": "2026-01-13T18:31:08Z",
"published": "2026-01-13T18:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20804"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20804"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7MPP-X69F-GJG8
Vulnerability from github – Published: 2025-08-29 03:30 – Updated: 2025-08-29 18:30NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.
{
"affected": [],
"aliases": [
"CVE-2025-58323"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T03:15:39Z",
"severity": "HIGH"
},
"details": "NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM by executing arbitrary files due to improper privilege checks.",
"id": "GHSA-7mpp-x69f-gjg8",
"modified": "2025-08-29T18:30:47Z",
"published": "2025-08-29T03:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58323"
},
{
"type": "WEB",
"url": "https://cve.naver.com/detail/cve-2025-58323.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7MVM-5M6V-X45X
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation.
This issue affects Smart Manager: from n/a through 8.85.0.
{
"affected": [],
"aliases": [
"CVE-2026-45216"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-25T23:16:33Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation.\n\nThis issue affects Smart Manager: from n/a through 8.85.0.",
"id": "GHSA-7mvm-5m6v-x45x",
"modified": "2026-05-26T13:30:52Z",
"published": "2026-05-26T13:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45216"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/smart-manager-for-wp-e-commerce/vulnerability/wordpress-smart-manager-plugin-8-85-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PQM-GJRM-WF96
Vulnerability from github – Published: 2026-03-07 21:33 – Updated: 2026-03-07 21:33A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-3669"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-07T19:15:48Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in Freedom Factory dGEN1 up to 20260221. This impacts the function AlarmService of the component com.dgen.alarm. Such manipulation leads to improper authorization. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-7pqm-gjrm-wf96",
"modified": "2026-03-07T21:33:41Z",
"published": "2026-03-07T21:33:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3669"
},
{
"type": "WEB",
"url": "https://gist.github.com/Lytes/2bd9cb3faf89b114754f00292beabb38"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.349557"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.349557"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.764703"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.