CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-GH3W-5FJX-5F7X
Vulnerability from github – Published: 2026-05-04 03:31 – Updated: 2026-06-15 21:30A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2026-42368"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T01:16:04Z",
"severity": "CRITICAL"
},
"details": "A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.",
"id": "GHSA-gh3w-5fjx-5f7x",
"modified": "2026-06-15T21:30:25Z",
"published": "2026-05-04T03:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42368"
},
{
"type": "WEB",
"url": "https://https://talosintelligence.com/vulnerability_reports"
},
{
"type": "WEB",
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2329"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH66-Q8V2-V5PC
Vulnerability from github – Published: 2025-01-21 15:31 – Updated: 2026-04-01 18:33Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.
{
"affected": [],
"aliases": [
"CVE-2024-32555"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T14:15:07Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.",
"id": "GHSA-gh66-q8v2-v5pc",
"modified": "2026-04-01T18:33:17Z",
"published": "2025-01-21T15:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32555"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GHFV-MCWG-V5XW
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:49A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.
{
"affected": [],
"aliases": [
"CVE-2019-11891"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-29T20:29:00Z",
"severity": "HIGH"
},
"details": "A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary\u0027s choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.",
"id": "GHSA-ghfv-mcwg-v5xw",
"modified": "2024-04-04T00:49:17Z",
"published": "2022-05-24T16:46:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11891"
},
{
"type": "WEB",
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GJ3H-R32M-QJHW
Vulnerability from github – Published: 2026-02-16 15:32 – Updated: 2026-02-16 15:32A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-2561"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T15:18:34Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gj3h-r32m-qjhw",
"modified": "2026-02-16T15:32:47Z",
"published": "2026-02-16T15:32:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2561"
},
{
"type": "WEB",
"url": "https://my.feishu.cn/wiki/URLywnBj2i2dpBk3dcQcWqFZnSK"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.346168"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.346168"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.750977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJ5F-4C2G-54HQ
Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-20 18:31A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\CustomerController.java of the component Customer Endpoint. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2850"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T18:25:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\bus\\controller\\CustomerController.java of the component Customer Endpoint. Performing a manipulation results in improper access controls. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-gj5f-4c2g-54hq",
"modified": "2026-02-20T18:31:40Z",
"published": "2026-02-20T18:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2850"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/61"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/61#issue-3846669982"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.347086"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.347086"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.754429"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJFF-P6FF-7G4F
Vulnerability from github – Published: 2025-12-25 21:30 – Updated: 2025-12-25 21:30A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-15084"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-25T19:15:39Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gjff-p6ff-7g4f",
"modified": "2025-12-25T21:30:11Z",
"published": "2025-12-25T21:30:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15084"
},
{
"type": "WEB",
"url": "https://github.com/Hwwg/cve/issues/24"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.338412"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.338412"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.708174"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJJ3-8GX6-J9W7
Vulnerability from github – Published: 2025-03-26 18:30 – Updated: 2025-10-03 09:30Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5
{
"affected": [],
"aliases": [
"CVE-2025-2098"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-26T16:15:23Z",
"severity": "HIGH"
},
"details": "Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader\u00a0in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5",
"id": "GHSA-gjj3-8gx6-j9w7",
"modified": "2025-10-03T09:30:19Z",
"published": "2025-03-26T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2098"
},
{
"type": "WEB",
"url": "https://apps.apple.com/pl/app/fast-cad-reader/id1484905765"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/03/CVE-2025-2098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJP6-48WM-M8CR
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2024-04-04 03:05An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
{
"affected": [],
"aliases": [
"CVE-2019-19350"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T16:15:00Z",
"severity": "HIGH"
},
"details": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
"id": "GHSA-gjp6-48wm-m8cr",
"modified": "2024-04-04T03:05:22Z",
"published": "2022-05-24T17:45:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19350"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GM9V-2778-R2WP
Vulnerability from github – Published: 2025-06-05 09:30 – Updated: 2025-06-05 09:30A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-5649"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-05T09:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-gm9v-2778-r2wp",
"modified": "2025-06-05T09:30:25Z",
"published": "2025-06-05T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5649"
},
{
"type": "WEB",
"url": "https://github.com/Watskip/GeneralResearch/blob/main/Exploits/SRMS/Unauthorized%20privileged%20user%20creation.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.311139"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.311139"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.589458"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GQP3-HFC3-8Q54
Vulnerability from github – Published: 2026-04-20 12:32 – Updated: 2026-04-28 23:21A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/usememos/memos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.22.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6634"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-28T23:21:49Z",
"nvd_published_at": "2026-04-20T12:16:09Z",
"severity": "LOW"
},
"details": "A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gqp3-hfc3-8q54",
"modified": "2026-04-28T23:21:49Z",
"published": "2026-04-20T12:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6634"
},
{
"type": "WEB",
"url": "https://github.com/Dave-gilmore-aus/security-advisories/blob/main/usememos-security-advisory"
},
{
"type": "PACKAGE",
"url": "https://github.com/usememos/memos"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/793432"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358268"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/358268/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Memos has an Incorrect Privilege Assignment issue"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.