Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-CHPJ-58V7-MCRW

Vulnerability from github – Published: 2025-09-17 21:30 – Updated: 2025-09-17 21:30
VLAI
Details

A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10608"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T19:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
  "id": "GHSA-chpj-58v7-mcrw",
  "modified": "2025-09-17T21:30:42Z",
  "published": "2025-09-17T21:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10608"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60.enrollment-history.(ID)%60%20Endpoint.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10608.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.324628"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.324628"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.649876"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CHRF-63WR-8CHC

Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-03-04 15:30
VLAI
Details

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-04T13:15:57Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.",
  "id": "GHSA-chrf-63wr-8chc",
  "modified": "2026-03-04T15:30:34Z",
  "published": "2026-03-04T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21425"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-sg/000432452/dsa-2026-038-security-update-for-dell-powerscale-onefs-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ2W-M49H-94FJ

Vulnerability from github – Published: 2026-03-21 12:31 – Updated: 2026-03-21 12:31
VLAI
Details

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be performed from remote. The exploit has been published and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-21T11:17:06Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be performed from remote. The exploit has been published and may be used.",
  "id": "GHSA-cj2w-m49h-94fj",
  "modified": "2026-03-21T12:31:37Z",
  "published": "2026-03-21T12:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zzj-create/cvetest/blob/main/VULN-06_BACKEND_ARBITRARY_FIELD_MODIFICATION_REPORT_EN.md#vuln-06-pbootcms-3212-backend-arbitrary-field-modification"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.352079"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.352079"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.773907"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CJCP-QXVG-4RJM

Vulnerability from github – Published: 2025-12-02 00:35 – Updated: 2025-12-02 00:35
VLAI
Summary
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
Details

Summary

A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access.

Steps to Reproduce

  1. Make sure you have two accounts: an admin and a user with create user privilege
  2. In the user account, navigate to /grav-admin/admin/accounts/users and click "Add"
  3. Enter the name of the admin, complete registration and observe that the existing admin’s email is changed to the value you provided.
  4. Log out from user account log in as admin with new credentials

Impact

  1. Full admin takeover by any user with create user permission.
  2. Ability to change admin credentials, install/remove plugins, read or modify site data, and execute any action available to an admin.
  3. Severity: High/Critical.

PoC

https://github.com/user-attachments/assets/3ab0a7d6-5055-41be-9e0e-2bd6ca359b37

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0-beta.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T00:35:18Z",
    "nvd_published_at": "2025-12-01T21:15:53Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA privilege escalation vulnerability exists in Grav\u2019s Admin plugin due to the absence of username uniqueness validation when creating users.\nA user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, and then log in as that administrator. This effectively allows privilege escalation from limited user-manager permissions to full administrator access.\n\n\n### Steps to Reproduce\n1. Make sure you have two accounts: an admin and a user with create user privilege\n2. In the user account, navigate to /grav-admin/admin/accounts/users and click \"Add\"\n3. Enter the name of the admin, complete registration and observe that the existing admin\u2019s email is changed to the value you provided.\n4. Log out from user account log in as admin with new credentials\n\n\n### Impact\n1. Full admin takeover by any user with create user permission.\n2. Ability to change admin credentials, install/remove plugins, read or modify site data, and execute any action available to an admin.\n3. Severity: High/Critical.\n\n\n### PoC\nhttps://github.com/user-attachments/assets/3ab0a7d6-5055-41be-9e0e-2bd6ca359b37",
  "id": "GHSA-cjcp-qxvg-4rjm",
  "modified": "2025-12-02T00:35:19Z",
  "published": "2025-12-02T00:35:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-cjcp-qxvg-4rjm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66296"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/3462d94d575064601689b236508c316242e15741"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover"
}

GHSA-CMJ8-8XCW-78X8

Vulnerability from github – Published: 2024-10-17 18:31 – Updated: 2026-04-01 18:32
VLAI
Details

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T18:15:15Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.",
  "id": "GHSA-cmj8-8xcw-78x8",
  "modified": "2026-04-01T18:32:03Z",
  "published": "2024-10-17T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49322"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/jemployee/vulnerability/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/jemployee/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP5G-5X6R-CMW3

Vulnerability from github – Published: 2025-04-14 15:31 – Updated: 2025-04-14 15:31
VLAI
Details

A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-14T13:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in veal98 \u5c0f\u725b\u8089 Echo \u5f00\u6e90\u793e\u533a\u7cfb\u7edf 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-cp5g-5x6r-cmw3",
  "modified": "2025-04-14T15:31:57Z",
  "published": "2025-04-14T15:31:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3567"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caigo8/CVE-md/blob/main/Echo/%E4%B8%8D%E5%AE%89%E5%85%A8%E7%9A%84%E6%9D%83%E9%99%90%E6%A0%A1%E9%AA%8C.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.304608"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.304608"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.549537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CP89-J668-CMF6

Vulnerability from github – Published: 2025-12-14 15:30 – Updated: 2025-12-14 15:30
VLAI
Details

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-14T13:15:35Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component.",
  "id": "GHSA-cp89-j668-cmf6",
  "modified": "2025-12-14T15:30:17Z",
  "published": "2025-12-14T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decocms/mesh/pull/1967"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decocms/mesh/pull/1967#issue-3700934099"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decocms/mesh/pull/1967#issuecomment-3622379237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decocms/mesh/commit/5f7315e05852faf3a9c177c0a34f9ea9b0371d3d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/decocms/mesh/releases/tag/runtime-v1.0.0-alpha.32"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.336392"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.336392"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.713741"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CPQM-82VF-6WG4

Vulnerability from github – Published: 2024-06-27 12:30 – Updated: 2024-08-01 15:31
VLAI
Details

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.

The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-7270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-27T10:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won\u0027t be fixed.\n\n\n\n\n\nThe SoftMaker Office and FreeOffice MSI installer files were found to\n produce a visible conhost.exe window running as the SYSTEM user when \nusing the repair function of msiexec.exe.\u00a0This allows a local, \nlow-privileged attacker to use a chain of actions, to open a fully \nfunctional cmd.exe with the privileges of the SYSTEM user.",
  "id": "GHSA-cpqm-82vf-6wg4",
  "modified": "2024-08-01T15:31:51Z",
  "published": "2024-06-27T12:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7270"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/softmaker"
    },
    {
      "type": "WEB",
      "url": "https://softmaker.de/download/servicepacks"
    },
    {
      "type": "WEB",
      "url": "https://www.freeoffice.com/de/download/servicepacks"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jul/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CPVG-CX4X-MQCP

Vulnerability from github – Published: 2025-06-27 12:31 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types allows Privilege Escalation. This issue affects CouponXxL Custom Post Types: from n/a through 3.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-27T12:15:40Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types allows Privilege Escalation. This issue affects CouponXxL Custom Post Types: from n/a through 3.0.",
  "id": "GHSA-cpvg-cx4x-mqcp",
  "modified": "2026-04-01T18:35:35Z",
  "published": "2025-06-27T12:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52726"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/couponxxl-cpt/vulnerability/wordpress-couponxxl-custom-post-types-3-0-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQ43-78CH-3F5Q

Vulnerability from github – Published: 2026-05-17 12:30 – Updated: 2026-05-17 12:30
VLAI
Details

A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-17T12:16:43Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-cq43-78ch-3f5q",
  "modified": "2026-05-17T12:30:25Z",
  "published": "2026-05-17T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8752"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/810108"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/364379"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/364379/cti"
    },
    {
      "type": "WEB",
      "url": "https://vulnplus-note.wetolink.com/share/pyVa0GWPuAZE"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.