Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-M2M3-9R8X-6F7V

Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-08-28 15:30
VLAI
Details

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary commands due to improper privilege checks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-58322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-28T08:15:30Z",
    "severity": "HIGH"
  },
  "details": "NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM by executing arbitrary commands due to improper privilege checks.",
  "id": "GHSA-m2m3-9r8x-6f7v",
  "modified": "2025-08-28T15:30:39Z",
  "published": "2025-08-28T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58322"
    },
    {
      "type": "WEB",
      "url": "https://cve.naver.com/detail/cve-2025-58322.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M2V5-74W2-QHCJ

Vulnerability from github – Published: 2026-06-21 12:30 – Updated: 2026-06-21 12:30
VLAI
Details

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-12799"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-21T10:16:17Z",
    "severity": "LOW"
  },
  "details": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.",
  "id": "GHSA-m2v5-74w2-qhcj",
  "modified": "2026-06-21T12:30:52Z",
  "published": "2026-06-21T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12799"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-12799"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/811291"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372561"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/372561/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M38R-3F3J-R43X

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19349"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-24T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
  "id": "GHSA-m38r-3f3j-r43x",
  "modified": "2022-05-24T17:45:09Z",
  "published": "2022-05-24T17:45:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19349"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793284"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-M3G5-FR99-8PGQ

Vulnerability from github – Published: 2024-04-25 09:32 – Updated: 2026-04-23 15:32
VLAI
Details

Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51484"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-25T09:15:07Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through 3.8.",
  "id": "GHSA-m3g5-fr99-8pgq",
  "modified": "2026-04-23T15:32:19Z",
  "published": "2024-04-25T09:32:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51484"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/login-as-customer-or-user/vulnerability/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/login-as-customer-or-user/wordpress-login-as-user-or-customer-plugin-3-8-unauthenticated-account-takeover-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M43J-VX3F-QC3C

Vulnerability from github – Published: 2026-02-27 00:31 – Updated: 2026-02-27 00:31
VLAI
Details

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-26T22:20:52Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-m43j-vx3f-qc3c",
  "modified": "2026-02-27T00:31:45Z",
  "published": "2026-02-27T00:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisories/blob/main/Asp.Net-Core-Inventory-Order-Management-System%20IDOR%20to%20Full%20System%20Compromise.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.347986"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.347986"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.758335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M4HG-PXFP-9FHC

Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-29 21:30
VLAI
Details

Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-67953"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-22T17:16:04Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through \u003c= 1.16.44.",
  "id": "GHSA-m4hg-pxfp-9fhc",
  "modified": "2026-01-29T21:30:27Z",
  "published": "2026-01-22T18:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67953"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/booking-activities/vulnerability/wordpress-booking-activities-plugin-1-16-44-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4J4-8CHJ-8G5F

Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-06-30 15:30
VLAI
Details

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens, resulting in privilege escalation and full administrative access to the realm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T13:18:59Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.",
  "id": "GHSA-m4j4-8chj-8g5f",
  "modified": "2026-06-30T15:30:44Z",
  "published": "2026-06-30T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4629"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-4629"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450244"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M4RC-HJCV-QH78

Vulnerability from github – Published: 2025-01-04 12:30 – Updated: 2025-01-04 12:30
VLAI
Details

A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-04T12:15:24Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-m4rc-hjcv-qh78",
  "modified": "2025-01-04T12:30:32Z",
  "published": "2025-01-04T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0206"
    },
    {
      "type": "WEB",
      "url": "https://code-projects.org"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/th4s1s/955b71b20235dddf30689d4b85b4d271"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.290143"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.290143"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.474033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-M52W-76VQ-GJVM

Vulnerability from github – Published: 2025-07-04 12:30 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T12:15:32Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.",
  "id": "GHSA-m52w-76vq-gjvm",
  "modified": "2026-04-01T18:35:45Z",
  "published": "2025-07-04T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49867"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M5MF-VC32-X88H

Vulnerability from github – Published: 2025-09-12 15:31 – Updated: 2025-09-12 15:31
VLAI
Details

A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-12T15:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-m5mf-vc32-x88h",
  "modified": "2025-09-12T15:31:17Z",
  "published": "2025-09-12T15:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10319"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323743"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323743"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.643839"
    },
    {
      "type": "WEB",
      "url": "https://www.cnblogs.com/aibot/p/19063358"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.