CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-CXXF-6583-J227
Vulnerability from github – Published: 2025-08-13 18:31 – Updated: 2025-08-13 18:31An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.
{
"affected": [],
"aliases": [
"CVE-2024-12303"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T18:15:28Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.",
"id": "GHSA-cxxf-6583-j227",
"modified": "2025-08-13T18:31:24Z",
"published": "2025-08-13T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12303"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2861889"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508298"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F29Q-47RX-429G
Vulnerability from github – Published: 2024-08-31 09:30 – Updated: 2024-08-31 09:30Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
{
"affected": [],
"aliases": [
"CVE-2024-39579"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-31T08:15:05Z",
"severity": "MODERATE"
},
"details": "Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.",
"id": "GHSA-f29q-47rx-429g",
"modified": "2024-08-31T09:30:44Z",
"published": "2024-08-31T09:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39579"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000228207/dsa-2024-346-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2F3-9XW6-R52M
Vulnerability from github – Published: 2022-12-03 09:30 – Updated: 2022-12-06 15:30A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.
{
"affected": [],
"aliases": [
"CVE-2022-4272"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-284",
"CWE-434"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-03T09:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.",
"id": "GHSA-f2f3-9xw6-r52m",
"modified": "2022-12-06T15:30:30Z",
"published": "2022-12-03T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4272"
},
{
"type": "WEB",
"url": "https://github.com/FeMiner/wms/issues/14"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.214760"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/04/26/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F2WV-RJ9R-2V8J
Vulnerability from github – Published: 2026-03-12 09:31 – Updated: 2026-03-12 09:31A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
{
"affected": [],
"aliases": [
"CVE-2026-4013"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-12T08:16:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.",
"id": "GHSA-f2wv-rj9r-2v8j",
"modified": "2026-03-12T09:31:32Z",
"published": "2026-03-12T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4013"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.350535"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.350535"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769781"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F3H5-H452-VP3J
Vulnerability from github – Published: 2026-04-17 22:00 – Updated: 2026-04-17 22:00Summary
Nostr profile mutation routes allowed operator.write config persistence.
Affected Packages / Versions
- Package:
openclaw - Ecosystem: npm
- Affected versions:
< 2026.4.10 - Patched versions:
>= 2026.4.10
Impact
Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin authority.
Technical Details
The fix requires operator.admin scope for Nostr profile mutation routes.
Fix
The issue was fixed in #63553. The first stable tag containing the fix is v2026.4.10, and openclaw@2026.4.14 includes the fix.
Fix Commit(s)
6517c700de9bb0ee11b41ab625ef3b63d01b6083- PR: #63553
Release Process Note
Users should upgrade to openclaw 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix.
Credits
Thanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T22:00:59Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nNostr profile mutation routes allowed operator.write config persistence.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.10`\n- Patched versions: `\u003e= 2026.4.10`\n\n## Impact\n\nNostr plugin HTTP profile routes could persist profile config through a path that did not require admin authority.\n\n## Technical Details\n\nThe fix requires `operator.admin` scope for Nostr profile mutation routes.\n\n## Fix\n\nThe issue was fixed in #63553. The first stable tag containing the fix is `v2026.4.10`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `6517c700de9bb0ee11b41ab625ef3b63d01b6083`\n- PR: #63553\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.10 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zpbrent and @zsxsoft, with sponsorship from @KeenSecurityLab and @qclawer for reporting this issue.",
"id": "GHSA-f3h5-h452-vp3j",
"modified": "2026-04-17T22:00:59Z",
"published": "2026-04-17T22:00:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-f3h5-h452-vp3j"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/pull/63553"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw: Nostr profile mutation routes allowed operator.write config persistence"
}
GHSA-F3VP-27J4-HRCW
Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2026-04-01 18:33Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.
{
"affected": [],
"aliases": [
"CVE-2024-51888"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T14:15:09Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.",
"id": "GHSA-f3vp-27j4-hrcw",
"modified": "2026-04-01T18:33:17Z",
"published": "2025-01-21T15:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51888"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/homey-login-register/vulnerability/wordpress-homey-login-register-plugin-2-4-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F493-GQ25-5C5X
Vulnerability from github – Published: 2026-06-03 03:30 – Updated: 2026-06-03 03:30A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
{
"affected": [],
"aliases": [
"CVE-2026-10693"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-03T01:16:21Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.",
"id": "GHSA-f493-gq25-5c5x",
"modified": "2026-06-03T03:30:24Z",
"published": "2026-06-03T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10693"
},
{
"type": "WEB",
"url": "https://medium.com/@hemantrajbhati5555/broken-access-control-in-sourcecodester-online-boat-reservation-system-1-0-4ed0380d2222"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-10693"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/830894"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367962"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367962/cti"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F4CR-6P7W-H5XH
Vulnerability from github – Published: 2025-04-18 15:31 – Updated: 2025-04-18 15:31A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-3790"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T13:15:58Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-f4cr-6p7w-h5xh",
"modified": "2025-04-18T15:31:38Z",
"published": "2025-04-18T15:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3790"
},
{
"type": "WEB",
"url": "https://github.com/caigo8/CVE-md/blob/main/JSite/durid%E6%9C%AA%E6%8E%88%E6%9D%83.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.305613"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.305613"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.554572"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F4RH-8HH9-HC4P
Vulnerability from github – Published: 2026-07-13 12:35 – Updated: 2026-07-13 12:35Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3.
{
"affected": [],
"aliases": [
"CVE-2026-57813"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T10:16:45Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through \u003c= 1.2.77.3.",
"id": "GHSA-f4rh-8hh9-hc4p",
"modified": "2026-07-13T12:35:05Z",
"published": "2026-07-13T12:35:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57813"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/mailoptin/vulnerability/wordpress-mailoptin-plugin-1-2-77-3-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F4RM-Q33H-47W8
Vulnerability from github – Published: 2026-01-09 18:31 – Updated: 2026-01-09 18:31An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request
{
"affected": [],
"aliases": [
"CVE-2025-67278"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-09T16:16:07Z",
"severity": "MODERATE"
},
"details": "An issue in TIM Solution GmbH TIM BPM Suite \u0026 TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request",
"id": "GHSA-f4rm-q33h-47w8",
"modified": "2026-01-09T18:31:36Z",
"published": "2026-01-09T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67278"
},
{
"type": "WEB",
"url": "https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes"
},
{
"type": "WEB",
"url": "https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.