CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-M2M3-9R8X-6F7V
Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-08-28 15:30NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary commands due to improper privilege checks.
{
"affected": [],
"aliases": [
"CVE-2025-58322"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-28T08:15:30Z",
"severity": "HIGH"
},
"details": "NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM by executing arbitrary commands due to improper privilege checks.",
"id": "GHSA-m2m3-9r8x-6f7v",
"modified": "2025-08-28T15:30:39Z",
"published": "2025-08-28T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58322"
},
{
"type": "WEB",
"url": "https://cve.naver.com/detail/cve-2025-58322.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M2V5-74W2-QHCJ
Vulnerability from github – Published: 2026-06-21 12:30 – Updated: 2026-06-21 12:30A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-12799"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-21T10:16:17Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.",
"id": "GHSA-m2v5-74w2-qhcj",
"modified": "2026-06-21T12:30:52Z",
"published": "2026-06-21T12:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12799"
},
{
"type": "WEB",
"url": "https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12799"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/811291"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/372561"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/372561/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M38R-3F3J-R43X
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
{
"affected": [],
"aliases": [
"CVE-2019-19349"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-24T16:15:00Z",
"severity": "HIGH"
},
"details": "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
"id": "GHSA-m38r-3f3j-r43x",
"modified": "2022-05-24T17:45:09Z",
"published": "2022-05-24T17:45:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19349"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793284"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M3G5-FR99-8PGQ
Vulnerability from github – Published: 2024-04-25 09:32 – Updated: 2026-04-23 15:32Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.
{
"affected": [],
"aliases": [
"CVE-2023-51484"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-287"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-25T09:15:07Z",
"severity": "CRITICAL"
},
"details": "Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.",
"id": "GHSA-m3g5-fr99-8pgq",
"modified": "2026-04-23T15:32:19Z",
"published": "2024-04-25T09:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51484"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/login-as-customer-or-user/vulnerability/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M43J-VX3F-QC3C
Vulnerability from github – Published: 2026-02-27 00:31 – Updated: 2026-02-27 00:31A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-3263"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T22:20:52Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-m43j-vx3f-qc3c",
"modified": "2026-02-27T00:31:45Z",
"published": "2026-02-27T00:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3263"
},
{
"type": "WEB",
"url": "https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisories/blob/main/Asp.Net-Core-Inventory-Order-Management-System%20IDOR%20to%20Full%20System%20Compromise.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.347986"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.347986"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.758335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M4HG-PXFP-9FHC
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-29 21:30Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44.
{
"affected": [],
"aliases": [
"CVE-2025-67953"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:04Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through \u003c= 1.16.44.",
"id": "GHSA-m4hg-pxfp-9fhc",
"modified": "2026-01-29T21:30:27Z",
"published": "2026-01-22T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67953"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/booking-activities/vulnerability/wordpress-booking-activities-plugin-1-16-44-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M4J4-8CHJ-8G5F
Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-06-30 15:30A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens, resulting in privilege escalation and full administrative access to the realm.
{
"affected": [],
"aliases": [
"CVE-2026-4629"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T13:18:59Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.",
"id": "GHSA-m4j4-8chj-8g5f",
"modified": "2026-06-30T15:30:44Z",
"published": "2026-06-30T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4629"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4629"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450244"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M4RC-HJCV-QH78
Vulnerability from github – Published: 2025-01-04 12:30 – Updated: 2025-01-04 12:30A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-0206"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-04T12:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-m4rc-hjcv-qh78",
"modified": "2025-01-04T12:30:32Z",
"published": "2025-01-04T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0206"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://gist.github.com/th4s1s/955b71b20235dddf30689d4b85b4d271"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290143"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290143"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.474033"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M52W-76VQ-GJVM
Vulnerability from github – Published: 2025-07-04 12:30 – Updated: 2026-04-01 18:35Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.
{
"affected": [],
"aliases": [
"CVE-2025-49867"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T12:15:32Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.",
"id": "GHSA-m52w-76vq-gjvm",
"modified": "2026-04-01T18:35:45Z",
"published": "2025-07-04T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49867"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M5MF-VC32-X88H
Vulnerability from github – Published: 2025-09-12 15:31 – Updated: 2025-09-12 15:31A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10319"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-12T15:15:32Z",
"severity": "MODERATE"
},
"details": "A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-m5mf-vc32-x88h",
"modified": "2025-09-12T15:31:17Z",
"published": "2025-09-12T15:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10319"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323743"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323743"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.643839"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063358"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.