CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-9RHF-Q362-77MX
Vulnerability from github – Published: 2023-08-09 18:30 – Updated: 2024-04-01 18:32A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.16.0"
]
}
],
"aliases": [
"CVE-2023-3518"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-01T18:32:42Z",
"nvd_published_at": "2023-08-09T16:15:09Z",
"severity": "HIGH"
},
"details": "A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.",
"id": "GHSA-9rhf-q362-77mx",
"modified": "2024-04-01T18:32:42Z",
"published": "2023-08-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3518"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/consul"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers"
}
GHSA-9VCR-V878-4X73
Vulnerability from github – Published: 2025-02-12 21:31 – Updated: 2025-02-12 21:31A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2025-1226"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-12T21:15:20Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component.",
"id": "GHSA-9vcr-v878-4x73",
"modified": "2025-02-12T21:31:54Z",
"published": "2025-02-12T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1226"
},
{
"type": "WEB",
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI7PG"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.295216"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.295216"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9VHJ-8H2M-3G3M
Vulnerability from github – Published: 2026-05-17 12:30 – Updated: 2026-05-17 12:30A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. It is suggested to install a patch to address this issue.
{
"affected": [],
"aliases": [
"CVE-2026-8743"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-17T10:16:35Z",
"severity": "LOW"
},
"details": "A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. It is suggested to install a patch to address this issue.",
"id": "GHSA-9vhj-8h2m-3g3m",
"modified": "2026-05-17T12:30:24Z",
"published": "2026-05-17T12:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8743"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/issues/4498"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/pull/4553"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs/commit/5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1"
},
{
"type": "WEB",
"url": "https://github.com/open5gs/open5gs"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/814559"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/364330"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/364330/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9VR5-W737-M66G
Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.
{
"affected": [],
"aliases": [
"CVE-2025-3744"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T19:15:50Z",
"severity": "HIGH"
},
"details": "Nomad Enterprise (\u201cNomad\u201d) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.",
"id": "GHSA-9vr5-w737-m66g",
"modified": "2025-05-13T21:30:53Z",
"published": "2025-05-13T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3744"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2025-08-nomad-enterprise-vulnerable-to-violation-of-mandatory-sentinel-policies-in-job-submissions-via-policy-override/74935"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9VW8-375M-PJ63
Vulnerability from github – Published: 2026-02-19 00:30 – Updated: 2026-02-19 00:30A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-2669"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T22:16:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9vw8-375m-pj63",
"modified": "2026-02-19T00:30:30Z",
"published": "2026-02-19T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2669"
},
{
"type": "WEB",
"url": "https://github.com/21151213732/CVE/blob/main/VICDP-Unauthorized%20Access3.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346466"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346466"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.753294"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9W8Q-PJH8-6H83
Vulnerability from github – Published: 2025-07-02 09:30 – Updated: 2025-07-02 09:30The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory.
Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address.
{
"affected": [],
"aliases": [
"CVE-2025-27021"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-02T09:15:25Z",
"severity": "HIGH"
},
"details": "The misconfiguration in the sudoers configuration of the operating system in\n Infinera G42 version R6.1.3 allows low privileged OS users to \nread/write physical memory via devmem command line tool. \nThis could \nallow sensitive information disclosure, denial of service, and privilege \nescalation by tampering with kernel memory.\n\n\nDetails: The output of \"sudo -l\" reports the presence of \"devmem\" command \nexecutable as super user without using a password. This command allows \nto read and write an arbitrary memory area of the target device, \nspecifying an absolute address.",
"id": "GHSA-9w8q-pjh8-6h83",
"modified": "2025-07-02T09:30:29Z",
"published": "2025-07-02T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27021"
},
{
"type": "WEB",
"url": "https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27021"
},
{
"type": "WEB",
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9WCR-PJWM-2CV7
Vulnerability from github – Published: 2026-06-01 21:30 – Updated: 2026-06-01 21:30A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to resolve this issue.
{
"affected": [],
"aliases": [
"CVE-2026-10282"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T19:16:21Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to resolve this issue.",
"id": "GHSA-9wcr-pjwm-2cv7",
"modified": "2026-06-01T21:30:42Z",
"published": "2026-06-01T21:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10282"
},
{
"type": "WEB",
"url": "https://github.com/Bottelet/DaybydayCRM/issues/347"
},
{
"type": "WEB",
"url": "https://github.com/Bottelet/DaybydayCRM/pull/362"
},
{
"type": "WEB",
"url": "https://github.com/Bottelet/DaybydayCRM"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-10282"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/825439"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/825440"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367575"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367575/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9WFR-R3P3-M3FW
Vulnerability from github – Published: 2025-03-17 06:30 – Updated: 2025-03-17 06:30A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2025-2360"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-17T04:15:16Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-9wfr-r3p3-m3fw",
"modified": "2025-03-17T06:30:25Z",
"published": "2025-03-17T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2360"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-823G-SetUpnpSettings-1ac53a41781f80d1a290c8d5da3e795e?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.299827"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.299827"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.513751"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9WGG-RVM3-RCM8
Vulnerability from github – Published: 2025-07-09 09:31 – Updated: 2025-07-09 09:31The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).
{
"affected": [],
"aliases": [
"CVE-2025-27028"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-09T09:15:26Z",
"severity": "MODERATE"
},
"details": "The Linux deprivileged user vpuser\u00a0in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).",
"id": "GHSA-9wgg-rvm3-rcm8",
"modified": "2025-07-09T09:31:12Z",
"published": "2025-07-09T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27028"
},
{
"type": "WEB",
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9WQ4-6X4H-47WM
Vulnerability from github – Published: 2025-08-29 06:30 – Updated: 2025-08-29 06:30A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
{
"affected": [],
"aliases": [
"CVE-2025-9609"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T04:15:57Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.",
"id": "GHSA-9wq4-6x4h-47wm",
"modified": "2025-08-29T06:30:26Z",
"published": "2025-08-29T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9609"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%E2%80%93%20Missing%20Function-Level%20Access%20Control%20in%20%60.educacenso.consulta%60%20Endpoint.md#poc"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-9609.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321787"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321787"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.636580"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.