CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CVE-2026-22043 (GCVE-0-2026-22043)
Vulnerability from cvelistv5 – Published: 2026-01-08 15:03 – Updated: 2026-01-08 15:54
VLAI
Title
RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting
Summary
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rustfs/rustfs/security/advisor… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22043",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T15:50:39.622470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:54:47.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rustfs",
"vendor": "rustfs",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0-alpha.13, \u003c 1.0.0-alpha.79"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent\u2019s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T15:03:59.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9"
}
],
"source": {
"advisory": "GHSA-xgr5-qc6w-vcg9",
"discovery": "UNKNOWN"
},
"title": "RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22043",
"datePublished": "2026-01-08T15:03:59.313Z",
"dateReserved": "2026-01-05T22:30:38.720Z",
"dateUpdated": "2026-01-08T15:54:47.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22238 (GCVE-0-2026-22238)
Vulnerability from cvelistv5 – Published: 2026-01-14 14:38 – Updated: 2026-01-14 15:00
VLAI
Title
Administrator Account Creation Vulnerability in BLUVOYIX
Summary
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in to the newly-created admin user.
Severity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blusparkglobal.com/bluvoyix/ |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bluspark Global | BLUVOYIX |
Affected:
0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T14:59:59.271058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T15:00:10.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLUVOYIX",
"vendor": "Bluspark Global",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Eaton Zveare."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers\u0027 data and completely compromise the targeted platform by logging in to the newly-created admin user.\u003cbr\u003e"
}
],
"value": "The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers\u0027 data and completely compromise the targeted platform by logging in to the newly-created admin user."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T14:38:55.583Z",
"orgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
"shortName": "MHV"
},
"references": [
{
"url": "https://blusparkglobal.com/bluvoyix/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Administrator Account Creation Vulnerability in BLUVOYIX",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "56a186b1-7f5e-4314-ba38-38d5499fccfd",
"assignerShortName": "MHV",
"cveId": "CVE-2026-22238",
"datePublished": "2026-01-14T14:38:55.583Z",
"dateReserved": "2026-01-06T23:20:59.365Z",
"dateUpdated": "2026-01-14T15:00:10.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22536 (GCVE-0-2026-22536)
Vulnerability from cvelistv5 – Published: 2026-01-07 16:47 – Updated: 2026-01-07 17:19 X_Ics X_Charger
VLAI
Title
PRIVILEGE ESCALATION VIA SUDO COMMAND
Summary
The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cds.thalesgroup.com/en |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EFACEC | QC 60/90/120 |
Affected:
8
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T17:19:05.382177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:19:18.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QC 60/90/120",
"vendor": "EFACEC",
"versions": [
{
"status": "affected",
"version": "8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha Men\u00e9ndez"
},
{
"lang": "en",
"type": "finder",
"value": "Iv\u00e1n Alonso \u00c1lvarez"
},
{
"lang": "en",
"type": "finder",
"value": "V\u00edctor Bello Cuevas"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions"
}
],
"value": "The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:47:13.940Z",
"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
"shortName": "S21sec"
},
"references": [
{
"url": "https://cds.thalesgroup.com/en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_ICS",
"x_Charger"
],
"title": "PRIVILEGE ESCALATION VIA SUDO COMMAND",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
"assignerShortName": "S21sec",
"cveId": "CVE-2026-22536",
"datePublished": "2026-01-07T16:47:13.940Z",
"dateReserved": "2026-01-07T14:01:04.828Z",
"dateUpdated": "2026-01-07T17:19:18.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22708 (GCVE-0-2026-22708)
Vulnerability from cvelistv5 – Published: 2026-01-14 16:43 – Updated: 2026-01-14 16:59
VLAI
Title
Cursor has a Terminal Tool Allowlist Bypass via Environment Variables
Summary
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval.
This allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.
Severity
CWE
- CWE-15 - External Control of System or Configuration Setting
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/cursor/cursor/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:59:44.747154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:59:53.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cursor",
"vendor": "cursor",
"versions": [
{
"status": "affected",
"version": "\u003c 2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval.\nThis allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:43:54.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cursor/cursor/security/advisories/GHSA-82wg-qcm4-fp2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cursor/cursor/security/advisories/GHSA-82wg-qcm4-fp2w"
}
],
"source": {
"advisory": "GHSA-82wg-qcm4-fp2w",
"discovery": "UNKNOWN"
},
"title": "Cursor has a Terminal Tool Allowlist Bypass via Environment Variables"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22708",
"datePublished": "2026-01-14T16:43:54.000Z",
"dateReserved": "2026-01-08T19:23:09.857Z",
"dateUpdated": "2026-01-14T16:59:53.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22721 (GCVE-0-2026-22721)
Vulnerability from cvelistv5 – Published: 2026-02-25 20:00 – Updated: 2026-02-27 04:55
VLAI
Title
VMware Aria Operations privilege escalation vulnerability
Summary
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
Severity
6.2 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.broadcom.com/web/ecx/support-cont… | vendor-advisory |
| https://techdocs.broadcom.com/us/en/vmware-cis/ar… | release-notes |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | VMware Aria Operations |
Affected:
8.18.0 , < 8.18.6
(custom)
Unaffected: 8.18.6 |
|
| VMware | VMware Cloud Foundation |
Affected:
4.0 , < 5.2.3
(custom)
Affected: 9.0 , < 9.0.2 (custom) Unaffected: 5.2.3 Unaffected: 9.0.2 |
|
| VMware | VMware Telco Cloud Platform |
Affected:
4.0 , < 5.2.3
(custom)
Unaffected: 5.2.3 (custom) |
|
| VMware | VMware Telco Cloud Infrastructure |
Affected:
2.0 , < 5.2.3
(custom)
Unaffected: 5.2.3 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T04:55:47.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "vmware-aria-operations",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.18.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "8.18.6"
}
]
},
{
"defaultStatus": "affected",
"packageName": "vmware-cloud-foundation-operations",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "5.2.3",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "9.0.2",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.2.3"
},
{
"status": "unaffected",
"version": "9.0.2"
}
]
},
{
"defaultStatus": "affected",
"packageName": "vmware-telco-cloud-platform",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "5.2.3",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.2.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"packageName": "vmware-telco-cloud-infrastructure",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "5.2.3",
"status": "affected",
"version": "2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.2.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947\"\u003eVMSA-2026-0001\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found in\u00a0 VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:00:15.719Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "VMSA-2026-0001: VMware Aria Operations updates (includes CVE-2026-22721)",
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"
},
{
"name": "VMware Aria Operations 8.18.6 Release Notes (resolves CVE-2026-22721)",
"tags": [
"release-notes"
],
"url": "https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8186-release-notes.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo remediate CVE-2026-22721, apply the vendor patches listed in the \u0027Fixed Version\u0027 column of the Response Matrix in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947\"\u003eVMSA-2026-0001\u003c/a\u003e. Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x).\u003c/p\u003e"
}
],
"value": "To remediate CVE-2026-22721, apply the vendor patches listed in the \u0027Fixed Version\u0027 column of the Response Matrix in\u00a0 VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 . Fixed versions include VMware Aria Operations 8.18.6 (for 8.x) and VMware Cloud Foundation Operations 9.0.2.0 (for 9.x)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware Aria Operations privilege escalation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-22721",
"datePublished": "2026-02-25T20:00:15.719Z",
"dateReserved": "2026-01-09T06:54:36.841Z",
"dateUpdated": "2026-02-27T04:55:47.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22804 (GCVE-0-2026-22804)
Vulnerability from cvelistv5 – Published: 2026-01-12 22:14 – Updated: 2026-01-13 19:07
VLAI
Title
Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser
Summary
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0.
Severity
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/Termix-SSH/Termix/security/adv… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Termix-SSH | Termix |
Affected:
>= 1.7.0, < 1.10.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22804",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:13:52.820529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:07:57.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Termix-SSH/Termix/security/advisories/GHSA-m3cv-5hgp-hv35"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Termix",
"vendor": "Termix-SSH",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:14:03.762Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Termix-SSH/Termix/security/advisories/GHSA-m3cv-5hgp-hv35",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Termix-SSH/Termix/security/advisories/GHSA-m3cv-5hgp-hv35"
}
],
"source": {
"advisory": "GHSA-m3cv-5hgp-hv35",
"discovery": "UNKNOWN"
},
"title": "Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22804",
"datePublished": "2026-01-12T22:14:03.762Z",
"dateReserved": "2026-01-09T22:50:10.287Z",
"dateUpdated": "2026-01-13T19:07:57.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23477 (GCVE-0-2026-23477)
Vulnerability from cvelistv5 – Published: 2026-01-14 18:16 – Updated: 2026-01-14 21:14
VLAI
Title
Rocket.Chat Unauthorized Access to OAuth App Details
Summary
Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.
Severity
7.7 (High)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/RocketChat/Rocket.Chat/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| RocketChat | Rocket.Chat |
Affected:
< 6.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:13:59.771321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:14:08.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rocket.Chat",
"vendor": "RocketChat",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:16:05.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2"
}
],
"source": {
"advisory": "GHSA-g4wm-fg3c-g4p2",
"discovery": "UNKNOWN"
},
"title": "Rocket.Chat Unauthorized Access to OAuth App Details"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23477",
"datePublished": "2026-01-14T18:16:05.178Z",
"dateReserved": "2026-01-13T15:47:41.627Z",
"dateUpdated": "2026-01-14T21:14:08.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23663 (GCVE-0-2026-23663)
Vulnerability from cvelistv5 – Published: 2026-05-22 22:04 – Updated: 2026-05-27 03:55 Exclusively Hosted Service
VLAI
Title
Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
Summary
Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Global Secure Access (GSA) |
Affected:
-
|
Date Public
2026-05-21 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T03:55:27.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Global Secure Access (GSA)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:global_secure_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-21T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:57:22.667Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23663"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-23663",
"datePublished": "2026-05-22T22:04:41.483Z",
"dateReserved": "2026-01-14T16:59:33.463Z",
"dateUpdated": "2026-05-27T03:55:27.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2375 (GCVE-0-2026-2375)
Vulnerability from cvelistv5 – Published: 2026-03-21 03:26 – Updated: 2026-04-08 16:34
VLAI
Title
App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter
Summary
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the `verify_role()` function in `AuthTrails.php` explicitly whitelisting the `wcfm_vendor` role alongside `subscriber` and `customer`, and assigning it directly via `wp_insert_user()` without integrating with WCFM Marketplace's vendor approval workflow. This makes it possible for unauthenticated attackers to register an account with the `wcfm_vendor` role by supplying the `role` parameter in the `/wp-json/app-builder/v1/register` REST API endpoint, bypassing the standard WCFM vendor approval process and immediately gaining vendor-level privileges (product management, order access, store management) on sites where WCFM Marketplace is active.
Severity
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| appcheap | App Builder – Create Native Android & iOS Apps On The Flight |
Affected:
0 , ≤ 5.5.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T13:44:12.214006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:44:38.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight",
"vendor": "appcheap",
"versions": [
{
"lessThanOrEqual": "5.5.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gibran Abdillah"
}
],
"descriptions": [
{
"lang": "en",
"value": "The App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the `verify_role()` function in `AuthTrails.php` explicitly whitelisting the `wcfm_vendor` role alongside `subscriber` and `customer`, and assigning it directly via `wp_insert_user()` without integrating with WCFM Marketplace\u0027s vendor approval workflow. This makes it possible for unauthenticated attackers to register an account with the `wcfm_vendor` role by supplying the `role` parameter in the `/wp-json/app-builder/v1/register` REST API endpoint, bypassing the standard WCFM vendor approval process and immediately gaining vendor-level privileges (product management, order access, store management) on sites where WCFM Marketplace is active."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:38.336Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a4521af-692a-4a84-ba9b-1904a42786c1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.5.10/includes/Di/Service/Auth/AuthTrails.php#L80"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.5.10/includes/Di/Service/Auth/RegisterAuth.php#L108"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T15:06:29.000Z",
"value": "Disclosed"
}
],
"title": "App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight \u003c= 5.5.10 - Unauthenticated Privilege Escalation via \u0027role\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2375",
"datePublished": "2026-03-21T03:26:32.352Z",
"dateReserved": "2026-02-11T20:55:16.297Z",
"dateUpdated": "2026-04-08T16:34:38.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23772 (GCVE-0-2026-23772)
Vulnerability from cvelistv5 – Published: 2026-04-16 08:30 – Updated: 2026-04-17 03:55
VLAI
Summary
Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity
7.3 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00045302… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Storage Manager |
Affected:
0 , < 8.0.3 or later
(semver)
|
Date Public
2026-04-14 18:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T03:55:13.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Manager",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.0.3 or later",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dell would like to thank falconCorrup for reporting this issue."
}
],
"datePublic": "2026-04-14T18:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."
}
],
"value": "Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T08:30:56.774Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000453020/dsa-2026-058-security-update-for-dell-storage-manager-replay-manager-for-microsoft-servers-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2026-23772",
"datePublished": "2026-04-16T08:30:56.774Z",
"dateReserved": "2026-01-16T06:05:50.872Z",
"dateUpdated": "2026-04-17T03:55:13.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-48
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation ID: MIT-49
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.