Common Weakness Enumeration

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVE-2026-5215 (GCVE-0-2026-5215)

Vulnerability from cvelistv5 – Published: 2026-03-31 21:15 – Updated: 2026-04-01 18:46
VLAI
Title
D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control
Summary
A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/vuln/354351 vdb-entrytechnical-description
https://vuldb.com/vuln/354351/cti signaturepermissions-required
https://vuldb.com/submit/780440 third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Li… exploit
https://www.dlink.com/ product
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Ziyue Xie (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5215",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T18:46:15.471970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T18:46:26.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ziyue Xie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The impacted element is the function cgi_get_ipv6 of the file /cgi-bin/network_mgr.cgi. Such manipulation leads to improper access controls. The exploit is publicly available and might be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T21:15:19.202Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354351 | D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354351"
        },
        {
          "name": "VDB-354351 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354351/cti"
        },
        {
          "name": "Submit #780440 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780440"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_170/170.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-31T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-31T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-31T12:35:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5215",
    "datePublished": "2026-03-31T21:15:19.202Z",
    "dateReserved": "2026-03-31T10:29:41.841Z",
    "dateUpdated": "2026-04-01T18:46:26.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5311 (GCVE-0-2026-5311)

Vulnerability from cvelistv5 – Published: 2026-04-01 19:45 – Updated: 2026-04-02 15:27
VLAI
Title
D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control
Summary
A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/vuln/354640 vdb-entrytechnical-description
https://vuldb.com/vuln/354640/cti signaturepermissions-required
https://vuldb.com/submit/780441 third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/D-Li… exploit
https://www.dlink.com/ product
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Ziyue Xie (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5311",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T15:26:11.181157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T15:27:57.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ziyue Xie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T19:45:14.221Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354640 | D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354640"
        },
        {
          "name": "VDB-354640 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354640/cti"
        },
        {
          "name": "Submit #780441 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780441"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_171/171.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-01T14:18:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5311",
    "datePublished": "2026-04-01T19:45:14.221Z",
    "dateReserved": "2026-04-01T12:13:33.464Z",
    "dateUpdated": "2026-04-02T15:27:57.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5312 (GCVE-0-2026-5312)

Vulnerability from cvelistv5 – Published: 2026-04-01 20:30 – Updated: 2026-04-02 13:13
VLAI
Title
D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control
Summary
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
D-Link DNS-120 Affected: 20260205
Create a notification for this product.
D-Link DNR-202L Affected: 20260205
Create a notification for this product.
D-Link DNS-315L Affected: 20260205
Create a notification for this product.
D-Link DNS-320 Affected: 20260205
Create a notification for this product.
D-Link DNS-320L Affected: 20260205
Create a notification for this product.
D-Link DNS-320LW Affected: 20260205
Create a notification for this product.
D-Link DNS-321 Affected: 20260205
Create a notification for this product.
D-Link DNR-322L Affected: 20260205
Create a notification for this product.
D-Link DNS-323 Affected: 20260205
Create a notification for this product.
D-Link DNS-325 Affected: 20260205
Create a notification for this product.
D-Link DNS-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-327L Affected: 20260205
Create a notification for this product.
D-Link DNR-326 Affected: 20260205
Create a notification for this product.
D-Link DNS-340L Affected: 20260205
Create a notification for this product.
D-Link DNS-343 Affected: 20260205
Create a notification for this product.
D-Link DNS-345 Affected: 20260205
Create a notification for this product.
D-Link DNS-726-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1100-4 Affected: 20260205
Create a notification for this product.
D-Link DNS-1200-05 Affected: 20260205
Create a notification for this product.
D-Link DNS-1550-04 Affected: 20260205
Create a notification for this product.
Credits
Ziyue Xie (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5312",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T13:12:44.950286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T13:13:05.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DNS-120",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-202L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-315L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-320LW",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-321",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-322L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-323",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-325",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-327L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNR-326",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-340L",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-343",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-345",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-726-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1100-4",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1200-05",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        },
        {
          "product": "DNS-1550-04",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "20260205"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ziyue Xie (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T20:30:15.569Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354641 | D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354641"
        },
        {
          "name": "VDB-354641 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354641/cti"
        },
        {
          "name": "Submit #780442 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780442"
        },
        {
          "name": "Submit #780443 | D-Link DNS-120/202L/315L/320/320L/320LW/321/322L/323/325/326/327L/326/340L/343/345/726-4/1100-4/1200-05/1550-04 up to 20260205 Improper Access Controls (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780443"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_172/172.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link8/vuln_173/173.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-01T14:18:51.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5312",
    "datePublished": "2026-04-01T20:30:15.569Z",
    "dateReserved": "2026-04-01T12:13:37.400Z",
    "dateUpdated": "2026-04-02T13:13:05.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5330 (GCVE-0-2026-5330)

Vulnerability from cvelistv5 – Published: 2026-04-02 12:45 – Updated: 2026-04-02 14:19 X_Freeware
VLAI
Title
SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
Summary
A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/vuln/354664 vdb-entrytechnical-description
https://vuldb.com/vuln/354664/cti signaturepermissions-required
https://vuldb.com/submit/780734 third-party-advisory
https://github.com/zy606/Vulnerability-Report/tre… exploit
Credits
Zyyyy (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5330",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T14:19:28.837594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T14:19:51.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "User Delete Handler"
          ],
          "product": "Best Courier Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        },
        {
          "modules": [
            "User Delete Handler"
          ],
          "product": "Best Courier Management System",
          "vendor": "mayuri_k",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zyyyy (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T12:45:10.637Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354664 | SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354664"
        },
        {
          "name": "VDB-354664 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354664/cti"
        },
        {
          "name": "Submit #780734 | Mayuri K. Gaatitrack Courier Management System 1.0 Broken Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780734"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Delete"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-01T15:52:37.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5330",
    "datePublished": "2026-04-02T12:45:10.637Z",
    "dateReserved": "2026-04-01T13:47:29.145Z",
    "dateUpdated": "2026-04-02T14:19:51.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-53814 (GCVE-0-2026-53814)

Vulnerability from cvelistv5 – Published: 2026-06-11 20:08 – Updated: 2026-06-23 16:16 X_Open Source
VLAI
Title
OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority
Summary
OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
OpenClaw OpenClaw Affected: 0 , < 2026.5.20 (semver)
Unaffected: 2026.5.20 (semver)
Create a notification for this product.
Date Public
2026-05-28 00:00
Credits
cantinagen Ellahi (@Ellahinator)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-13T03:55:39.726Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "repo": "https://github.com/openclaw/openclaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.5.20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                  "versionEndExcluding": "2026.5.20",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "cantinagen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ellahi (@Ellahinator)"
        }
      ],
      "datePublic": "2026-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token can exploit the /hooks/agent endpoint to cause spawned CLI runtimes to access or invoke owner-only MCP tools, potentially executing privileged actions like persistent cron state modifications."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:16:53.281Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-6fvr-66p3-3qj4)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-6fvr-66p3-3qj4"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-hook-triggered-cli-mcp-tool-authority"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "OpenClaw \u003c 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-53814",
    "datePublished": "2026-06-11T20:08:31.474Z",
    "dateReserved": "2026-06-10T21:14:38.834Z",
    "dateUpdated": "2026-06-23T16:16:53.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-53847 (GCVE-0-2026-53847)

Vulnerability from cvelistv5 – Published: 2026-06-16 18:04 – Updated: 2026-06-16 18:45 X_Open Source
VLAI
Title
OpenClaw < 2026.5.6 - Privilege Escalation via Active Memory Write Scope
Summary
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
OpenClaw OpenClaw Affected: 0 , < 2026.5.6 (semver)
Unaffected: 2026.5.6 (semver)
Create a notification for this product.
Date Public
2026-05-28 00:00
Credits
zsx (@zsxsoft) KeenSecurityLab qclawer
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53847",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T18:44:55.341954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T18:45:07.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "repo": "https://github.com/openclaw/openclaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.5.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.5.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                  "versionEndExcluding": "2026.5.6",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "zsx (@zsxsoft)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "KeenSecurityLab"
        },
        {
          "lang": "en",
          "type": "tool",
          "value": "qclawer"
        }
      ],
      "datePublic": "2026-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T18:04:58.195Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-x629-46cc-7xgw)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw \u003c 2026.5.6 - Privilege Escalation via Active Memory Write Scope",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "OpenClaw \u003c 2026.5.6 - Privilege Escalation via Active Memory Write Scope",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-53847",
    "datePublished": "2026-06-16T18:04:58.195Z",
    "dateReserved": "2026-06-10T21:21:12.125Z",
    "dateUpdated": "2026-06-16T18:45:07.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-53862 (GCVE-0-2026-53862)

Vulnerability from cvelistv5 – Published: 2026-06-16 18:05 – Updated: 2026-06-16 18:36 X_Open Source
VLAI
Title
OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening
Summary
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
  • CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Vendor Product Version
OpenClaw OpenClaw Affected: 0 , < 2026.5.12 (semver)
Unaffected: 2026.5.12 (semver)
Create a notification for this product.
Date Public
2026-05-28 00:00
Credits
Edward-x (@YLChen-007)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53862",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T18:31:01.331574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T18:36:00.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/openclaw",
          "product": "OpenClaw",
          "repo": "https://github.com/openclaw/openclaw",
          "vendor": "OpenClaw",
          "versions": [
            {
              "lessThan": "2026.5.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "2026.5.12",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
                  "versionEndExcluding": "2026.5.12",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Edward-x (@YLChen-007)"
        }
      ],
      "datePublic": "2026-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-345",
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T18:05:08.595Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "GitHub Security Advisory (GHSA-9v8j-9c9g-w66c)",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9v8j-9c9g-w66c"
        },
        {
          "name": "VulnCheck Advisory: OpenClaw \u003c 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/openclaw-bootstrap-token-replay-via-pending-pairing-scope-widening"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "title": "OpenClaw \u003c 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-53862",
    "datePublished": "2026-06-16T18:05:08.595Z",
    "dateReserved": "2026-06-10T21:22:34.480Z",
    "dateUpdated": "2026-06-16T18:36:00.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-53902 (GCVE-0-2026-53902)

Vulnerability from cvelistv5 – Published: 2026-07-01 11:58 – Updated: 2026-07-01 13:42
VLAI
Title
Privilege Escalation in MCO
Summary
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g. /customer/servlet/mco/webapi/group/picker/groups), provided he has necessary permissions, or potentially inferred through brute-force techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
  • CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
Vendor Product Version
MyComplianceOffice MCO Affected: 25.3.3.1 (custom)
Create a notification for this product.
Credits
Hubert Decyusz (AFINE Team)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T13:42:48.531051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T13:42:53.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MCO",
          "vendor": "MyComplianceOffice",
          "versions": [
            {
              "status": "affected",
              "version": "25.3.3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hubert Decyusz (AFINE Team)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "MCO does not properly enforce authorization checks in the \u003ci\u003e/customer/servlet/mco/webapi/profile-sections/group-membership\u003c/i\u003e endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation.\u003cbr\u003eAn attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g.\u0026nbsp;\u003ci\u003e/customer/servlet/mco/webapi/group/picker/groups\u003c/i\u003e), provided he has necessary permissions, or potentially inferred through brute-force techniques.\u003cbr\u003e\u003cp\u003e\u003cspan\u003e\u003cbr\u003eBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1\u0026nbsp;but may also affect other versions.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation.\nAn attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g.\u00a0/customer/servlet/mco/webapi/group/picker/groups), provided he has necessary permissions, or potentially inferred through brute-force techniques.\n\n\n\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1\u00a0but may also affect other versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T11:58:31.205Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2026/07/CVE-2026-53902"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://mco.mycomplianceoffice.com/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation in MCO",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2026-53902",
    "datePublished": "2026-07-01T11:58:31.205Z",
    "dateReserved": "2026-06-11T07:44:52.179Z",
    "dateUpdated": "2026-07-01T13:42:53.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54196 (GCVE-0-2026-54196)

Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:16
VLAI
Title
WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Summary
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Jetmonsters JetFormBuilder Affected: n/a , ≤ 3.6.1 (custom)
Create a notification for this product.
Credits
Baikuya | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:16:09.056272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:16:17.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetformbuilder",
          "product": "JetFormBuilder",
          "vendor": "Jetmonsters",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.6.1.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.6.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Baikuya | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Subscriber Privilege Escalation in JetFormBuilder \u003c= 3.6.1 versions."
            }
          ],
          "value": "Subscriber Privilege Escalation in JetFormBuilder \u003c= 3.6.1 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T09:51:40.708Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/jetformbuilder/vulnerability/wordpress-jetformbuilder-plugin-3-6-1-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress JetFormBuilder Plugin to the latest available version (at least 3.6.1.1)."
            }
          ],
          "value": "Update the WordPress JetFormBuilder Plugin to the latest available version (at least 3.6.1.1)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress JetFormBuilder plugin \u003c= 3.6.1 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-54196",
    "datePublished": "2026-06-17T09:51:40.708Z",
    "dateReserved": "2026-06-12T09:16:00.860Z",
    "dateUpdated": "2026-06-17T12:16:17.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54805 (GCVE-0-2026-54805)

Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:11
VLAI
Title
WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability
Summary
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
sbouey Falang multilanguage Affected: n/a , ≤ 1.4.2 (custom)
Create a notification for this product.
Credits
ParkHyunWoo | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:10:35.997714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:11:22.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "falang",
          "product": "Falang multilanguage",
          "vendor": "sbouey",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.4.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ParkHyunWoo | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Subscriber Privilege Escalation in Falang multilanguage \u003c= 1.4.2 versions."
            }
          ],
          "value": "Subscriber Privilege Escalation in Falang multilanguage \u003c= 1.4.2 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T09:51:44.457Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/falang/vulnerability/wordpress-falang-multilanguage-plugin-1-4-2-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Falang multilanguage Plugin to the latest available version (at least 1.4.3)."
            }
          ],
          "value": "Update the WordPress Falang multilanguage Plugin to the latest available version (at least 1.4.3)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Falang multilanguage plugin \u003c= 1.4.2 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-54805",
    "datePublished": "2026-06-17T09:51:44.457Z",
    "dateReserved": "2026-06-16T09:21:34.477Z",
    "dateUpdated": "2026-06-17T12:11:22.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-1

Phases: Architecture and Design, Operation

Description:

  • Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page