Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-X6MM-HVFX-GXP7

Vulnerability from github – Published: 2024-08-14 18:32 – Updated: 2024-08-14 18:32
VLAI
Details

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.",
  "id": "GHSA-x6mm-hvfx-gxp7",
  "modified": "2024-08-14T18:32:43Z",
  "published": "2024-08-14T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42441"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7CG-3X6G-HGHF

Vulnerability from github – Published: 2025-06-03 21:30 – Updated: 2025-06-03 21:30
VLAI
Details

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-03T19:15:40Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in jack0240 \u9b4f bskms \u84dd\u5929\u5e7c\u513f\u56ed\u7ba1\u7406\u7cfb\u7edf up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.",
  "id": "GHSA-x7cg-3x6g-hghf",
  "modified": "2025-06-03T21:30:38Z",
  "published": "2025-06-03T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5522"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/jack0240/bskms/issues/ICAOOU"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.310958"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.310958"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.584986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X8JJ-J32X-RQJ9

Vulnerability from github – Published: 2025-04-01 21:31 – Updated: 2025-04-04 21:30
VLAI
Details

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-01T21:15:43Z",
    "severity": "MODERATE"
  },
  "details": "An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component.",
  "id": "GHSA-x8jj-j32x-rqj9",
  "modified": "2025-04-04T21:30:50Z",
  "published": "2025-04-01T21:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29036"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sahat/hackathon-starter/issues/1326"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sahat/hackathon-starter/pull/1328"
    },
    {
      "type": "WEB",
      "url": "https://github.com/HypeDuke/vulnerable-research/blob/main/CVE-2025-29036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8QX-W8W2-G4RX

Vulnerability from github – Published: 2026-03-29 15:30 – Updated: 2026-03-29 15:30
VLAI
Details

OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller's current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-32922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-29T13:17:00Z",
    "severity": "CRITICAL"
  },
  "details": "OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes by failing to constrain newly minted scopes to the caller\u0027s current scope set. Attackers can obtain operator.admin tokens for paired devices and achieve remote code execution on connected nodes via system.run or gain unauthorized gateway-admin access.",
  "id": "GHSA-x8qx-w8w2-g4rx",
  "modified": "2026-03-29T15:30:19Z",
  "published": "2026-03-29T15:30:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-4jpw-hj22-2xmc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32922"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-unvalidated-scope-in-device-token-rotate"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X8VJ-HJMM-529G

Vulnerability from github – Published: 2025-04-27 18:30 – Updated: 2025-05-12 21:31
VLAI
Details

A vulnerability classified as problematic was found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3980"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-27T18:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in wowjoy \u6d59\u6c5f\u6e56\u5dde\u534e\u5353\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8 Internet Doctor Workstation System 1.0. This vulnerability affects unknown code of the file /v1/prescription/list. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x8vj-hjmm-529g",
  "modified": "2025-05-12T21:31:00Z",
  "published": "2025-04-27T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3980"
    },
    {
      "type": "WEB",
      "url": "https://github.com/38279/3/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.306316"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.306316"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.557930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X9C8-763W-495X

Vulnerability from github – Published: 2026-06-09 12:32 – Updated: 2026-07-08 15:31
VLAI
Details

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T10:16:33Z",
    "severity": "CRITICAL"
  },
  "details": "Arm C1-Ultra, C1-Premium, Neoverse V3 \u0026 V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 \u0026 X1C, Cortex-A710, Cortex-A78, A78AE \u0026 A78C, Cortex-A77, Cortex-A76 \u0026 A76A may allow writes to resources owned by a higher exception level.",
  "id": "GHSA-x9c8-763w-495x",
  "modified": "2026-07-08T15:31:37Z",
  "published": "2026-06-09T12:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10263"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34911"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36018"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36348"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:36349"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-10263"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486958"
    },
    {
      "type": "WEB",
      "url": "https://developer.arm.com/documentation/112137"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/09/13"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-493.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9X4-XV57-6G86

Vulnerability from github – Published: 2025-09-14 06:30 – Updated: 2025-09-14 06:30
VLAI
Details

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-14T05:15:30Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x9x4-xv57-6g86",
  "modified": "2025-09-14T06:30:19Z",
  "published": "2025-09-14T06:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10390"
    },
    {
      "type": "WEB",
      "url": "https://github.com/August829/Yu/blob/main/58ead8e7e08bfb014.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323825"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323825"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XC8R-3VQ4-2WWP

Vulnerability from github – Published: 2023-07-25 15:30 – Updated: 2024-04-04 06:21
VLAI
Details

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-25T15:15:13Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access",
  "id": "GHSA-xc8r-3vq4-2wwp",
  "modified": "2024-04-04T06:21:05Z",
  "published": "2023-07-25T15:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39173"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCH6-9RQG-692Q

Vulnerability from github – Published: 2025-04-13 12:30 – Updated: 2025-04-13 12:30
VLAI
Details

A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-13T12:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-xch6-9rqg-692q",
  "modified": "2025-04-13T12:30:31Z",
  "published": "2025-04-13T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3536"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.304574"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.304574"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.545810"
    },
    {
      "type": "WEB",
      "url": "https://www.websecurityinsights.my.id/2025/03/tutorials-website-employee-management.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-XF9V-H779-XXHR

Vulnerability from github – Published: 2026-06-29 09:30 – Updated: 2026-06-29 09:30
VLAI
Details

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-29T09:16:28Z",
    "severity": "HIGH"
  },
  "details": "Because O+ Connect\u0027s IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.",
  "id": "GHSA-xf9v-h779-xxhr",
  "modified": "2026-06-29T09:30:29Z",
  "published": "2026-06-29T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22078"
    },
    {
      "type": "WEB",
      "url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2070415238859333632"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.