CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-2479-2FRF-9263
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-11 00:32Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0.
{
"affected": [],
"aliases": [
"CVE-2024-13248"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T19:15:18Z",
"severity": "MODERATE"
},
"details": "Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0.",
"id": "GHSA-2479-2frf-9263",
"modified": "2025-01-11T00:32:04Z",
"published": "2025-01-09T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13248"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2024-012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-25QH-97QQ-X7C4
Vulnerability from github – Published: 2025-07-08 03:31 – Updated: 2025-07-08 03:31SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.
{
"affected": [],
"aliases": [
"CVE-2025-43001"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T01:15:26Z",
"severity": "MODERATE"
},
"details": "SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.",
"id": "GHSA-25qh-97qq-x7c4",
"modified": "2025-07-08T03:31:01Z",
"published": "2025-07-08T03:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43001"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3595143"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2656-4HRH-2J7F
Vulnerability from github – Published: 2025-09-23 00:32 – Updated: 2025-09-23 00:32A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-10822"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T00:15:35Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-2656-4hrh-2j7f",
"modified": "2025-09-23T00:32:03Z",
"published": "2025-09-23T00:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10822"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.325179"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.325179"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.653743"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063462"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2697-96MV-3GFM
Vulnerability from github – Published: 2024-12-30 15:31 – Updated: 2024-12-30 18:45TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "nilsteampassnet/teampass"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-50701"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-30T18:06:11Z",
"nvd_published_at": "2024-12-30T15:15:10Z",
"severity": "MODERATE"
},
"details": "TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user\u0027s allowed folders list that has been defined by an admin.",
"id": "GHSA-2697-96mv-3gfm",
"modified": "2024-12-30T18:45:26Z",
"published": "2024-12-30T15:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50701"
},
{
"type": "WEB",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d"
},
{
"type": "PACKAGE",
"url": "https://github.com/nilsteampassnet/TeamPass"
},
{
"type": "WEB",
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1"
},
{
"type": "WEB",
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "TeamPass does not properly check whether a folder is in a user\u0027s allowed folders list"
}
GHSA-2723-63P7-CXPV
Vulnerability from github – Published: 2025-06-02 03:30 – Updated: 2025-06-02 03:30A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-5426"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-02T03:15:25Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-2723-63p7-cxpv",
"modified": "2025-06-02T03:30:24Z",
"published": "2025-06-02T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5426"
},
{
"type": "WEB",
"url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_acess_modify_menu.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.310759"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.310759"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.584054"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2732-HQJR-J84C
Vulnerability from github – Published: 2026-01-16 21:30 – Updated: 2026-01-16 21:30Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.
{
"affected": [],
"aliases": [
"CVE-2026-23800"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T21:15:52Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.",
"id": "GHSA-2732-hqjr-j84c",
"modified": "2026-01-16T21:30:37Z",
"published": "2026-01-16T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23800"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-plugin-2-5-2-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-27F4-GXM8-Q49Q
Vulnerability from github – Published: 2026-05-26 21:32 – Updated: 2026-05-26 21:32A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended.
{
"affected": [],
"aliases": [
"CVE-2026-9581"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T21:16:45Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended.",
"id": "GHSA-27f4-gxm8-q49q",
"modified": "2026-05-26T21:32:02Z",
"published": "2026-05-26T21:32:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9581"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9598"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9598#issuecomment-4385719753"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot"
},
{
"type": "WEB",
"url": "https://github.com/jeecgboot/JeecgBoot/releases/tag/v3.9.2"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/817918"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365637"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365637/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-27P7-FQ6V-HH4M
Vulnerability from github – Published: 2026-03-30 06:30 – Updated: 2026-03-30 06:30A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
{
"affected": [],
"aliases": [
"CVE-2026-5107"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T06:16:05Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.",
"id": "GHSA-27p7-fq6v-hh4m",
"modified": "2026-03-30T06:30:26Z",
"published": "2026-03-30T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5107"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/21098"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/commit/7676cad65114aa23adde583d91d9d29e2debd045"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/780123"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/354132"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/354132/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2882-XFPF-CHQJ
Vulnerability from github – Published: 2025-08-20 09:30 – Updated: 2026-04-01 18:35Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1.
{
"affected": [],
"aliases": [
"CVE-2025-49422"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T08:15:37Z",
"severity": "MODERATE"
},
"details": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1.",
"id": "GHSA-2882-xfpf-chqj",
"modified": "2026-04-01T18:35:54Z",
"published": "2025-08-20T09:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49422"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/support-ticket/vulnerability/wordpress-support-ticket-plugin-1-9-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/iframe-wrapper/vulnerability/wordpress-iframe-wrapper-plugin-0-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-28G2-HHG9-HHQ8
Vulnerability from github – Published: 2026-06-15 06:31 – Updated: 2026-06-15 06:31A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-12217"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T04:16:26Z",
"severity": "HIGH"
},
"details": "A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-28g2-hhg9-hhq8",
"modified": "2026-06-15T06:31:39Z",
"published": "2026-06-15T06:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12217"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12217"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/833857"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370860"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370860/cti"
},
{
"type": "WEB",
"url": "https://winslow1984.com/books/cve-collection/page/dvdfab-virtual-drive-kernel-driver-dvdfabiosys-local-privilege-escalation"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.