CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5427 vulnerabilities reference this CWE, most recent first.
GHSA-XW24-W9W2-XW4Q
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21786"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-07T17:15:00Z",
"severity": "HIGH"
},
"details": "A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.",
"id": "GHSA-xw24-w9w2-xw4q",
"modified": "2022-05-24T19:06:59Z",
"published": "2022-05-24T19:06:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21786"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1253"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW26-RV7F-J6W8
Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2023-12-31 21:30Windows Update Stack Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2020-17077"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-11T07:15:00Z",
"severity": "HIGH"
},
"details": "Windows Update Stack Elevation of Privilege Vulnerability",
"id": "GHSA-xw26-rv7f-j6w8",
"modified": "2023-12-31T21:30:29Z",
"published": "2022-05-24T17:33:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17077"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW39-FHVP-3JJ6
Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-17 00:00The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
{
"affected": [],
"aliases": [
"CVE-2021-27766"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-06T18:15:00Z",
"severity": "HIGH"
},
"details": "The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.",
"id": "GHSA-xw39-fhvp-3jj6",
"modified": "2022-05-17T00:00:54Z",
"published": "2022-05-07T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27766"
},
{
"type": "WEB",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0024/MNDT-2022-0024.md"
},
{
"type": "WEB",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0098116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW4V-XPFG-J25J
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
{
"affected": [],
"aliases": [
"CVE-2026-46873"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T10:54:05Z",
"severity": "HIGH"
},
"details": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).",
"id": "GHSA-xw4v-xpfg-j25j",
"modified": "2026-06-17T18:35:33Z",
"published": "2026-06-17T18:35:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46873"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cspujun2026.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW65-87W9-V79C
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-07-13 00:01There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
{
"affected": [],
"aliases": [
"CVE-2021-22314"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-22T20:15:00Z",
"severity": "HIGH"
},
"details": "There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.",
"id": "GHSA-xw65-87w9-v79c",
"modified": "2022-07-13T00:01:09Z",
"published": "2022-05-24T17:45:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22314"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210218-01-privilege-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW77-45GV-P728
Vulnerability from github – Published: 2026-03-13 15:47 – Updated: 2026-04-06 22:49Summary
In affected versions of openclaw, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using auth: "plugin" could therefore trigger admin-only gateway actions without normal gateway authorization.
Impact
This is a critical authorization bypass. An external unauthenticated request to a plugin-owned route could reach privileged subagent runtime methods and perform admin-only gateway actions such as deleting sessions, reading session data, or triggering agent execution.
Affected Packages and Versions
- Package:
openclaw(npm) - Affected versions:
>= 2026.3.7, < 2026.3.11 - Fixed in:
2026.3.11
Technical Details
The new plugin subagent runtime preserved neither the original caller's auth context nor least-privilege scope. Instead, it executed gateway dispatches through a fabricated operator client with administrative scopes, which was reachable from plugin-owned routes that intentionally bypass normal gateway auth so plugins can perform their own webhook verification.
Fix
OpenClaw now preserves real authorization boundaries for plugin subagent calls instead of dispatching them through synthetic admin scopes. The fix shipped in openclaw@2026.3.11.
Workarounds
Upgrade to 2026.3.11 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "2026.3.7"
},
{
"fixed": "2026.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32916"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T15:47:23Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Summary\nIn affected versions of `openclaw`, the plugin subagent runtime dispatched gateway methods through a synthetic operator client that always carried broad administrative scopes. Plugin-owned HTTP routes using `auth: \"plugin\"` could therefore trigger admin-only gateway actions without normal gateway authorization.\n\n## Impact\nThis is a critical authorization bypass. An external unauthenticated request to a plugin-owned route could reach privileged subagent runtime methods and perform admin-only gateway actions such as deleting sessions, reading session data, or triggering agent execution.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003e= 2026.3.7, \u003c 2026.3.11`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nThe new plugin subagent runtime preserved neither the original caller\u0027s auth context nor least-privilege scope. Instead, it executed gateway dispatches through a fabricated operator client with administrative scopes, which was reachable from plugin-owned routes that intentionally bypass normal gateway auth so plugins can perform their own webhook verification.\n\n## Fix\nOpenClaw now preserves real authorization boundaries for plugin subagent calls instead of dispatching them through synthetic admin scopes. The fix shipped in `openclaw@2026.3.11`.\n\n## Workarounds\nUpgrade to `2026.3.11` or later.",
"id": "GHSA-xw77-45gv-p728",
"modified": "2026-04-06T22:49:26Z",
"published": "2026-03-13T15:47:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32916"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes"
}
GHSA-XW9R-PWV2-2PXF
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-22 00:00Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions
{
"affected": [],
"aliases": [
"CVE-2022-1654"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T14:15:00Z",
"severity": "HIGH"
},
"details": "Jupiter Theme \u003c= 6.10.1 and JupiterX Core Plugin \u003c= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the \"abb_uninstall_template\" (both) and \"jupiterx_core_cp_uninstall_template\" (JupiterX Core Only) AJAX actions",
"id": "GHSA-xw9r-pwv2-2pxf",
"modified": "2022-06-22T00:00:48Z",
"published": "2022-06-14T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1654"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2022/05/critical-privilege-escalation-vulnerability-in-jupiter-and-jupiterx-premium-themes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWGG-M7FX-83WX
Vulnerability from github – Published: 2025-05-19 19:12 – Updated: 2025-05-19 19:12A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.
Am I Vulnerable?
This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters.
Affected Components
gardener/external-dns-management
Affected Versions
- < 0.23.6
Fixed Versions
- >= 0.23.6
Important
The external-dns-management component may also be deployed on the seeds by the https://github.com/gardener/gardener-extension-shoot-dns-service extension when the extension is enabled. In this case, all versions of the shoot-dns-service extension <= v1.60.0 are affected by this vulnerability.
How do I mitigate this vulnerability?
Update to a fixed version.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/gardener/external-dns-management"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/gardener/gardener-extension-shoot-dns-service"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47282"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-19T19:12:48Z",
"nvd_published_at": "2025-05-19T18:15:30Z",
"severity": "CRITICAL"
},
"details": "A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed.\n\n### Am I Vulnerable?\n\nThis CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters.\n\n### Affected Components\n\n- `gardener/external-dns-management`\n\n### Affected Versions\n\n- \u003c 0.23.6\n\n### Fixed Versions\n\n- \u0026gt;= 0.23.6\n\n### Important\n\nThe `external-dns-management` component may also be deployed on the seeds by the https://github.com/gardener/gardener-extension-shoot-dns-service extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `\u003c= v1.60.0` are affected by this vulnerability.\n\n### How do I mitigate this vulnerability?\n\nUpdate to a fixed version.",
"id": "GHSA-xwgg-m7fx-83wx",
"modified": "2025-05-19T19:12:48Z",
"published": "2025-05-19T19:12:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gardener/external-dns-management/security/advisories/GHSA-xwgg-m7fx-83wx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47282"
},
{
"type": "PACKAGE",
"url": "https://github.com/gardener/external-dns-management"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation"
}
GHSA-XWJC-4JXH-J5P8
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-10-08 18:32Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.
{
"affected": [],
"aliases": [
"CVE-2021-1652"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T20:15:00Z",
"severity": "HIGH"
},
"details": "Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-2021-1688, CVE-2021-1693.",
"id": "GHSA-xwjc-4jxh-j5p8",
"modified": "2024-10-08T18:32:56Z",
"published": "2022-05-24T17:38:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1652"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1652"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1652"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XWRR-GVQM-J58V
Vulnerability from github – Published: 2024-04-05 21:32 – Updated: 2025-02-27 21:31In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-29741"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-05T20:15:08Z",
"severity": "HIGH"
},
"details": "In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-xwrr-gvqm-j58v",
"modified": "2025-02-27T21:31:56Z",
"published": "2024-04-05T21:32:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29741"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.