CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-9FG6-8666-RX55
Vulnerability from github – Published: 2026-06-21 06:32 – Updated: 2026-06-21 06:32A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-12778"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-21T06:16:22Z",
"severity": "HIGH"
},
"details": "A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9fg6-8666-rx55",
"modified": "2026-06-21T06:32:07Z",
"published": "2026-06-21T06:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12778"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12778"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/835607"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/372519"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/372519/cti"
},
{
"type": "WEB",
"url": "https://winslow1984.com/books/cve-collection/page/aomei-partition-assistant-10101-kernel-driver-ampa10sys-local-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9FPF-G2HQ-CPMP
Vulnerability from github – Published: 2024-10-30 09:30 – Updated: 2026-04-01 18:32Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.
{
"affected": [],
"aliases": [
"CVE-2024-50506"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-30T08:15:03Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.",
"id": "GHSA-9fpf-g2hq-cpmp",
"modified": "2026-04-01T18:32:14Z",
"published": "2024-10-30T09:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50506"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/marketing-automation-by-azexo/vulnerability/wordpress-marketing-automation-by-azexo-plugin-1-27-80-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/marketing-automation-by-azexo/wordpress-marketing-automation-by-azexo-plugin-1-27-80-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G93-PXPV-276M
Vulnerability from github – Published: 2025-01-07 06:32 – Updated: 2025-01-07 06:32The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.
{
"affected": [],
"aliases": [
"CVE-2024-12470"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-07T05:15:19Z",
"severity": "CRITICAL"
},
"details": "The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.",
"id": "GHSA-9g93-pxpv-276m",
"modified": "2025-01-07T06:32:16Z",
"published": "2025-01-07T06:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12470"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/sakolawp-lite"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GJC-G99X-6M58
Vulnerability from github – Published: 2025-01-02 12:32 – Updated: 2025-01-02 12:32A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-13107"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T12:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-9gjc-g99x-6m58",
"modified": "2025-01-02T12:32:14Z",
"published": "2025-01-02T12:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13107"
},
{
"type": "WEB",
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2LocalAclEditcfg.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.289923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.289923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.472087"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9GRP-3X37-PQM5
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30Customer Privilege Escalation in Dokan <= 5.0.2 versions.
{
"affected": [],
"aliases": [
"CVE-2026-49780"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T21:17:22Z",
"severity": "HIGH"
},
"details": "Customer Privilege Escalation in Dokan \u003c= 5.0.2 versions.",
"id": "GHSA-9grp-3x37-pqm5",
"modified": "2026-06-15T21:30:50Z",
"published": "2026-06-15T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49780"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-5-0-2-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GVJ-JCF4-33M7
Vulnerability from github – Published: 2024-12-31 18:30 – Updated: 2024-12-31 18:30A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-52049"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-31T16:15:26Z",
"severity": "HIGH"
},
"details": "A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-9gvj-jcf4-33m7",
"modified": "2024-12-31T18:30:51Z",
"published": "2024-12-31T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52049"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/en-US/solution/KA-0018217"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9H84-4PQR-V7JV
Vulnerability from github – Published: 2025-01-09 06:30 – Updated: 2025-01-09 06:30A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-13211"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T04:15:12Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-9h84-4pqr-v7jv",
"modified": "2025-01-09T06:30:23Z",
"published": "2025-01-09T06:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13211"
},
{
"type": "WEB",
"url": "https://github.com/SingMR/HouseRent/issues/12"
},
{
"type": "WEB",
"url": "https://github.com/SingMR/HouseRent/issues/12#issue-2762124045"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290816"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290816"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.471427"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9HPG-MWP6-RHMW
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 21:31Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.
{
"affected": [],
"aliases": [
"CVE-2026-32488"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:59Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through \u003c= 4.4.9.",
"id": "GHSA-9hpg-mwp6-rhmw",
"modified": "2026-03-26T21:31:25Z",
"published": "2026-03-25T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32488"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/user-registration/vulnerability/wordpress-user-registration-plugin-4-4-9-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9HWM-8WFQ-97MM
Vulnerability from github – Published: 2025-09-17 21:30 – Updated: 2025-09-17 21:30Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack and execute arbitrary code on customers' endpoints. Was ZDI-CAN-26892.
{
"affected": [],
"aliases": [
"CVE-2025-10644"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T21:15:37Z",
"severity": "CRITICAL"
},
"details": "Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the permissions granted to an SAS token. An attacker can leverage this vulnerability to launch a supply-chain attack and execute arbitrary code on customers\u0027 endpoints. Was ZDI-CAN-26892.",
"id": "GHSA-9hwm-8wfq-97mm",
"modified": "2025-09-17T21:30:43Z",
"published": "2025-09-17T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10644"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-896"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9JQH-3GJ2-RJ4V
Vulnerability from github – Published: 2025-03-30 18:30 – Updated: 2025-03-30 18:30A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-2954"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-30T17:15:19Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9jqh-3gj2-rj4v",
"modified": "2025-03-30T18:30:24Z",
"published": "2025-03-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2954"
},
{
"type": "WEB",
"url": "https://magnificent-dill-351.notion.site/Arbitrary-File-Writing-in-OpenManus-2025-3-13-1b9c693918ed805e8e7fd35a896d2d41"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.302007"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.302007"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.521545"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.