Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-FR45-GQPR-4FC9

Vulnerability from github – Published: 2025-03-09 06:31 – Updated: 2025-03-09 06:31
VLAI
Details

A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of the argument OperId leads to improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-09T05:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This issue affects some unknown processing of the file /WebPages/Adm/OperatorStop.asp of the component Reset Password Interface. The manipulation of the argument OperId leads to improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-fr45-gqpr-4fc9",
  "modified": "2025-03-09T06:31:42Z",
  "published": "2025-03-09T06:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2114"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zhangbuneng/an-arbitrary-user-password-reset-vulnerability-in-the-Sixun-Shanghui-7-Group/issues/1#issue-2877317082"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.299009"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.299009"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.506591"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FV2Q-HQCX-C836

Vulnerability from github – Published: 2026-07-12 06:31 – Updated: 2026-07-12 06:31
VLAI
Details

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-12T04:16:20Z",
    "severity": "LOW"
  },
  "details": "A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. It is suggested to upgrade the affected component.",
  "id": "GHSA-fv2q-hqcx-c836",
  "modified": "2026-07-12T06:31:10Z",
  "published": "2026-07-12T06:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15476"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-15476"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/835610"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377781"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377781/cti"
    },
    {
      "type": "WEB",
      "url": "https://winslow1984.com/books/cve-collection/page/qiling-disk-master-kernel-driver-diskbckpsys-6-0-0-0-local-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://www.idiskhome.com/download/beta/multi_DiskMaster_Pro_Trial.exe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FVFX-9GGM-QJQG

Vulnerability from github – Published: 2025-01-08 21:32 – Updated: 2025-01-08 21:32
VLAI
Details

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-13188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-08T19:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-fvfx-9ggm-qjqg",
  "modified": "2025-01-08T21:32:25Z",
  "published": "2025-01-08T21:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13188"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hawkteam404/RnD_Public/blob/main/escan_incorrect_default_perm.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.290780"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.290780"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.468796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FVVM-V9XG-J7M3

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-54807"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:20:51Z",
    "severity": "CRITICAL"
  },
  "details": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions.",
  "id": "GHSA-fvvm-v9xg-j7m3",
  "modified": "2026-06-17T18:35:52Z",
  "published": "2026-06-17T18:35:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54807"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/registration-form-for-woocommerce/vulnerability/wordpress-registration-form-for-woocommerce-plugin-1-0-9-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FW2H-288W-Q47J

Vulnerability from github – Published: 2026-06-21 09:30 – Updated: 2026-06-21 09:30
VLAI
Details

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-21T08:16:23Z",
    "severity": "HIGH"
  },
  "details": "A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-fw2h-288w-q47j",
  "modified": "2026-06-21T09:30:51Z",
  "published": "2026-06-21T09:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12784"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-12784"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/835613"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372524"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372524/cti"
    },
    {
      "type": "WEB",
      "url": "https://winslow1984.com/books/cve-collection/page/im-magic-partition-resizer-790-kernel-driver-mda-ntdrvsys-local-privilege-escalation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FWJ7-GHMR-XXHV

Vulnerability from github – Published: 2025-01-15 18:30 – Updated: 2026-04-01 18:33
VLAI
Details

Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.This issue affects User Management: from n/a through 1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-15T16:15:35Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.This issue affects User Management: from n/a through 1.2.",
  "id": "GHSA-fwj7-ghmr-xxhv",
  "modified": "2026-04-01T18:33:08Z",
  "published": "2025-01-15T18:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22736"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/user-management/vulnerability/wordpress-user-management-plugin-1-2-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FX54-G6R7-6JQ2

Vulnerability from github – Published: 2026-07-12 03:31 – Updated: 2026-07-12 03:31
VLAI
Details

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-15475"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-12T03:16:10Z",
    "severity": "LOW"
  },
  "details": "A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 13.9 is sufficient to fix this issue. The affected component should be upgraded. The vendor was contacted early about this disclosure.",
  "id": "GHSA-fx54-g6r7-6jq2",
  "modified": "2026-07-12T03:31:26Z",
  "published": "2026-07-12T03:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15475"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-15475"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/833842"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377780"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/377780/cti"
    },
    {
      "type": "WEB",
      "url": "https://winslow1984.com/books/cve-collection/page/minitool-partition-wizard-kernel-driver-pwdrviosys-local-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://www.minitool.com/partition-manager/upgrade-history.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FX8Q-7873-HXRQ

Vulnerability from github – Published: 2026-02-08 09:30 – Updated: 2026-02-08 09:30
VLAI
Details

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-08T08:15:52Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-fx8q-7873-hxrq",
  "modified": "2026-02-08T09:30:15Z",
  "published": "2026-02-08T09:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SourByte05/SourByte-Lab/issues/8"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344776"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344776"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.747264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FXJ6-W3MV-7PG7

Vulnerability from github – Published: 2025-12-01 06:30 – Updated: 2025-12-01 06:30
VLAI
Details

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13808"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-01T05:16:04Z",
    "severity": "MODERATE"
  },
  "details": "A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-fxj6-w3mv-7pg7",
  "modified": "2025-12-01T06:30:25Z",
  "published": "2025-12-01T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13808"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-privilege-escalation-1/report.md#proof-of-concept"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.333818"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.333818"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.692068"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FXRH-CWJH-M33V

Vulnerability from github – Published: 2026-05-21 03:30 – Updated: 2026-05-26 21:31
VLAI
Details

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. LiteSpeed WHM Plugin (the parent plugin) is unaffected. Detection is best done via a command line of grep -rE "cpanel_jsonapi_func=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2>/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-48172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-21T02:16:33Z",
    "severity": "CRITICAL"
  },
  "details": "LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. LiteSpeed WHM Plugin (the parent plugin) is unaffected. Detection is best done via a command line of grep -rE \"cpanel_jsonapi_func=redisAble\" /var/cpanel/logs /usr/local/cpanel/logs/ 2\u003e/dev/null in Bash. If you get no output, you have not been hit with exploitation of the vulnerability. If there is output, we recommend you examine the IP addresses in the list, determine if they are valid IP addresses, and if not, block them. To determine damage done, examine the system logs for use by the detected IP addresses. The issue is related to mishandling of Redis enable/disable features.",
  "id": "GHSA-fxrh-cwjh-m33v",
  "modified": "2026-05-26T21:31:37Z",
  "published": "2026-05-21T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48172"
    },
    {
      "type": "WEB",
      "url": "https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48172"
    },
    {
      "type": "WEB",
      "url": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/cpanel"
    },
    {
      "type": "WEB",
      "url": "https://www.litespeedtech.com/products/litespeed-web-server/control-panel-support/release-log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.