CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-2HFM-WH8P-MFQM
Vulnerability from github – Published: 2026-02-08 03:30 – Updated: 2026-02-08 03:30A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.
{
"affected": [],
"aliases": [
"CVE-2026-2209"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-08T02:15:57Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authorization. The attack can be launched remotely. Upgrading to version 8.19 is sufficient to fix this issue. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to upgrade the affected component.",
"id": "GHSA-2hfm-wh8p-mfqm",
"modified": "2026-02-08T03:30:27Z",
"published": "2026-02-08T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2209"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/releases/tag/v8.19"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.344923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.344923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.752269"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2HP6-4VGR-WVJW
Vulnerability from github – Published: 2024-09-11 06:30 – Updated: 2024-09-11 06:30The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.
{
"affected": [],
"aliases": [
"CVE-2024-8253"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-11T04:15:05Z",
"severity": "HIGH"
},
"details": "The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.",
"id": "GHSA-2hp6-4vgr-wvjw",
"modified": "2024-09-11T06:30:39Z",
"published": "2024-09-11T06:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8253"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/form-wrap/functions.php#L3032"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3130155/post-grid/tags/2.2.87/includes/blocks/form-wrap/functions.php"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3146752/post-grid/tags/2.2.91/includes/blocks/form-wrap/functions.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2HRX-XX6V-C3V2
Vulnerability from github – Published: 2024-08-08 18:31 – Updated: 2025-10-01 03:30An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
{
"affected": [],
"aliases": [
"CVE-2024-7480"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-08T16:15:09Z",
"severity": "MODERATE"
},
"details": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.",
"id": "GHSA-2hrx-xx6v-c3v2",
"modified": "2025-10-01T03:30:26Z",
"published": "2024-08-08T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7480"
},
{
"type": "WEB",
"url": "https://download.avaya.com/css/public/documents/101091159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2J2W-6VXV-4P23
Vulnerability from github – Published: 2025-07-26 09:31 – Updated: 2025-07-26 09:31A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
{
"affected": [],
"aliases": [
"CVE-2025-8181"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-26T07:15:26Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.",
"id": "GHSA-2j2w-6vxv-4p23",
"modified": "2025-07-26T09:31:56Z",
"published": "2025-07-26T09:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8181"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317595"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317595"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621966"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.621968"
},
{
"type": "WEB",
"url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2J3R-X22C-HQX9
Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-11-06 18:32Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.
{
"affected": [],
"aliases": [
"CVE-2024-58273"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-30T22:15:46Z",
"severity": "HIGH"
},
"details": "Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows\u00a0an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host.",
"id": "GHSA-2j3r-x22c-hqx9",
"modified": "2025-11-06T18:32:48Z",
"published": "2025-10-31T00:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58273"
},
{
"type": "WEB",
"url": "https://www.nagios.com/changelog/#log-server-2024R1"
},
{
"type": "WEB",
"url": "https://www.nagios.com/products/security/#log-server"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/nagios-log-server-lpe-from-apache-backend-shell-user-to-root"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2J6V-89GR-9CRM
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
{
"affected": [],
"aliases": [
"CVE-2026-20852"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:13Z",
"severity": "HIGH"
},
"details": "Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.",
"id": "GHSA-2j6v-89gr-9crm",
"modified": "2026-01-13T18:31:09Z",
"published": "2026-01-13T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20852"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20852"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2JP3-2VFH-535W
Vulnerability from github – Published: 2024-12-31 15:30 – Updated: 2026-04-01 18:32Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.
{
"affected": [],
"aliases": [
"CVE-2024-56043"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-31T14:15:24Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.",
"id": "GHSA-2jp3-2vfh-535w",
"modified": "2026-04-01T18:32:54Z",
"published": "2024-12-31T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56043"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/wplms_plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2JQP-6HX7-PHH8
Vulnerability from github – Published: 2026-05-02 15:30 – Updated: 2026-05-02 15:30A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-7644"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-02T15:16:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in ChatGPTNextWeb NextChat up to 2.16.1. Affected is the function addMcpServer of the file app/mcp/actions.ts. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-2jqp-6hx7-phh8",
"modified": "2026-05-02T15:30:27Z",
"published": "2026-05-02T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7644"
},
{
"type": "WEB",
"url": "https://github.com/ChatGPTNextWeb/NextChat/issues/6757"
},
{
"type": "WEB",
"url": "https://github.com/ChatGPTNextWeb/NextChat"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/806851"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360756"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360756/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2M3C-QQ7F-8PPQ
Vulnerability from github – Published: 2025-01-09 03:30 – Updated: 2025-01-09 03:30A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-13200"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T03:15:23Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-2m3c-qq7f-8ppq",
"modified": "2025-01-09T03:30:49Z",
"published": "2025-01-09T03:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13200"
},
{
"type": "WEB",
"url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4"
},
{
"type": "WEB",
"url": "https://github.com/wander-chu/SpringBoot-Blog/issues/4#issue-2761636207"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.290793"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.290793"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.470902"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-2M47-WRP6-46M6
Vulnerability from github – Published: 2026-06-09 03:31 – Updated: 2026-06-09 03:31A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.
{
"affected": [],
"aliases": [
"CVE-2026-11619"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T03:16:25Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 23.0.3 is sufficient to resolve this issue. The identifier of the patch is f1b2dd6481e22cacb561d29ffdcd3a50b618479d. Upgrading the affected component is advised.",
"id": "GHSA-2m47-wrp6-46m6",
"modified": "2026-06-09T03:31:40Z",
"published": "2026-06-09T03:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11619"
},
{
"type": "WEB",
"url": "https://github.com/dolibarr/dolibarr/commit/f1b2dd6481e22cacb561d29ffdcd3a50b618479d"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.3"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-11619"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/834038"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369300"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369300/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.