Common Weakness Enumeration

CWE-1220

Allowed

Insufficient Granularity of Access Control

Abstraction: Base · Status: Incomplete

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

176 vulnerabilities reference this CWE, most recent first.

CVE-2026-35436 (GCVE-0-2026-35436)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
VLAI
Title
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Summary
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft 365 Apps for Enterprise Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office 2019 Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC 2021 Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Microsoft Microsoft Office LTSC 2024 Affected: 16.0.0 , < https://aka.ms/OfficeSecurityReleases (custom)
Create a notification for this product.
Date Public
2026-05-12 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T03:56:56.362Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office LTSC 2024",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
                  "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220: Insufficient Granularity of Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:12:59.674Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35436"
        }
      ],
      "title": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-35436",
    "datePublished": "2026-05-12T16:59:28.571Z",
    "dateReserved": "2026-04-02T19:21:11.805Z",
    "dateUpdated": "2026-06-19T16:12:59.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33825 (GCVE-0-2026-33825)

Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-19 16:08
VLAI
Title
Microsoft Defender Elevation of Privilege Vulnerability
Summary
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
Impacted products
Vendor Product Version
Microsoft Microsoft Defender Antimalware Platform Affected: 4.0.0.0 , < 4.18.26030.3011 (custom)
Create a notification for this product.
Date Public
2026-04-14 14:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33825",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T03:55:45.505705Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-04-22",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T12:41:44.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://www.huntress.com/blog/nightmare-eclipse-intrusion"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Defender Antimalware Platform",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.18.26030.3011",
              "status": "affected",
              "version": "4.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.18.26030.3011",
                  "versionStartIncluding": "4.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-04-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220: Insufficient Granularity of Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:08:11.602Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Defender Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825"
        }
      ],
      "title": "Microsoft Defender Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-33825",
    "datePublished": "2026-04-14T16:57:49.361Z",
    "dateReserved": "2026-03-24T00:52:01.352Z",
    "dateUpdated": "2026-06-19T16:08:11.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20107 (GCVE-0-2026-20107)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-02-25 19:05
VLAI
Title
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
Summary
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Application Policy Infrastructure Controller (APIC) Affected: 6.1(1f)
Affected: 6.1(2f)
Affected: 6.1(2g)
Affected: 6.1(3f)
Affected: 6.1(3g)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T18:18:52.201612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T19:05:49.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Application Policy Infrastructure Controller (APIC)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.1(1f)"
            },
            {
              "status": "affected",
              "version": "6.1(2f)"
            },
            {
              "status": "affected",
              "version": "6.1(2g)"
            },
            {
              "status": "affected",
              "version": "6.1(3f)"
            },
            {
              "status": "affected",
              "version": "6.1(3g)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T16:14:33.988Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-apic-dos-rNus8EFw",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw"
        }
      ],
      "source": {
        "advisory": "cisco-sa-apic-dos-rNus8EFw",
        "defects": [
          "CSCwo92613"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20107",
    "datePublished": "2026-02-25T16:14:33.988Z",
    "dateReserved": "2025-10-08T11:59:15.372Z",
    "dateUpdated": "2026-02-25T19:05:49.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14615 (GCVE-0-2026-14615)

Vulnerability from cvelistv5 – Published: 2026-07-03 15:47 – Updated: 2026-07-13 11:46
VLAI
Title
Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
Summary
A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
URL Tags
https://access.redhat.com/security/cve/CVE-2026-14615 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2496891 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Build of Keycloak     cpe:/a:redhat:build_keycloak:
Create a notification for this product.
Date Public
2026-07-03 15:37
Credits
Red Hat would like to thank yd1ng for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T16:31:50.566581Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T16:32:09.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank yd1ng for reporting this issue."
        }
      ],
      "datePublic": "2026-07-03T15:37:56.396Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak\u0027s administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller\u0027s specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T11:46:26.025Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-14615"
        },
        {
          "name": "RHBZ#2496891",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496891"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-02T17:46:15.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-07-03T15:37:56.396Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-14615",
    "datePublished": "2026-07-03T15:47:08.632Z",
    "dateReserved": "2026-07-03T15:30:28.048Z",
    "dateUpdated": "2026-07-13T11:46:26.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-9088 (GCVE-0-2026-9088)

Vulnerability from cvelistv5 – Published: 2026-06-05 07:52 – Updated: 2026-06-26 07:01
VLAI
Title
Keycloak: keycloak: information disclosure due to user profile permission bypass
Summary
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:25097 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25098 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30049 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:30050 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-9088 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2480179 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.13-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-19 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4.13     cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.6 Unaffected: 26.6.3-3 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.6::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.6 Unaffected: 26.6-6 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.6::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.6.3     cpe:/a:redhat:build_keycloak:26.6::el9
Create a notification for this product.
Date Public
2026-06-05 07:45
Credits
Red Hat would like to thank Hadley So for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T13:10:30.927804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T13:10:40.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-19",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.13",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.6.3-3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.6-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.6-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.6::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.6.3",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Hadley So for reporting this issue."
        }
      ],
      "datePublic": "2026-06-05T07:45:40.116Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T07:01:31.888Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:25097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:25097"
        },
        {
          "name": "RHSA-2026:25098",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:25098"
        },
        {
          "name": "RHSA-2026:30049",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30049"
        },
        {
          "name": "RHSA-2026:30050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:30050"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-9088"
        },
        {
          "name": "RHBZ#2480179",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-20T15:01:25.568Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-06-05T07:45:40.116Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: information disclosure due to user profile permission bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-9088",
    "datePublished": "2026-06-05T07:52:52.858Z",
    "dateReserved": "2026-05-20T15:01:48.645Z",
    "dateUpdated": "2026-06-26T07:01:31.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6388 (GCVE-0-2026-6388)

Vulnerability from cvelistv5 – Published: 2026-04-15 21:34 – Updated: 2026-07-15 00:41
VLAI
Title
Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation
Summary
A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
Create a notification for this product.
Date Public
2026-04-15 19:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T14:21:22.834646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T14:26:23.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-04-15T19:30:41.686Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1220",
                "description": "Insufficient Granularity of Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T00:41:29.043Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-6388"
          },
          {
            "name": "RHBZ#2458766",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6388.json"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-15T19:29:41.063Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-04-15T19:30:41.686Z",
            "value": "Made public."
          }
        ],
        "title": "argocd-image-updater: ArgoCD Image Updater: Cross-Namespace Privilege Escalation via insufficient namespace validation",
        "workarounds": [
          {
            "lang": "en",
            "value": "Ensure that `AppProject` resources are configured to enforce strict tenant isolation within Red Hat OpenShift GitOps environments. Additionally, restrict the permissions of the Argo CD Image Updater controller to operate only within its designated namespaces, and limit the ability of users to create or modify `ImageUpdater` resources to trusted administrators. This reduces the risk of unauthorized cross-namespace application updates."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift_gitops:1"
          ],
          "defaultStatus": "affected",
          "packageName": "openshift-gitops-1/argocd-image-updater-rhel8",
          "product": "Red Hat OpenShift GitOps",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-04-15T19:30:41.686Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T21:34:07.022Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-6388"
        },
        {
          "name": "RHBZ#2458766",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458766"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-15T19:29:41.063Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-15T19:30:41.686Z",
          "value": "Made public."
        }
      ],
      "title": "Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Ensure that `AppProject` resources are configured to enforce strict tenant isolation within Red Hat OpenShift GitOps environments. Additionally, restrict the permissions of the Argo CD Image Updater controller to operate only within its designated namespaces, and limit the ability of users to create or modify `ImageUpdater` resources to trusted administrators. This reduces the risk of unauthorized cross-namespace application updates."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-6388",
    "datePublished": "2026-04-15T21:34:07.022Z",
    "dateReserved": "2026-04-15T19:29:52.786Z",
    "dateUpdated": "2026-07-15T00:41:29.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0873 (GCVE-0-2026-0873)

Vulnerability from cvelistv5 – Published: 2026-02-04 10:42 – Updated: 2026-02-04 14:56
VLAI
Title
Privilege Elevation in Ercom Cryptobox administration console
Summary
On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Impacted products
Vendor Product Version
Ercom Cryptobox Unaffected: v4.40.x
Create a notification for this product.
Date Public
2026-02-04 10:16
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0873",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T14:56:16.541272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T14:56:23.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "Administration console"
          ],
          "product": "Cryptobox",
          "vendor": "Ercom",
          "versions": [
            {
              "status": "unaffected",
              "version": "v4.40.x"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multiple entities must be defined with dedicated administrators"
            }
          ],
          "value": "Multiple entities must be defined with dedicated administrators"
        }
      ],
      "datePublic": "2026-02-04T10:16:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator."
            }
          ],
          "value": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233: Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220: Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T10:42:14.626Z",
        "orgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
        "shortName": "THA-PSIRT"
      },
      "references": [
        {
          "url": "https://info.cryptobox.com/doc/v4.40/4.40.en/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to version 4.40.x."
            }
          ],
          "value": "Upgrade to version 4.40.x."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Privilege Elevation in Ercom Cryptobox administration console",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d5917ae-205d-4ae5-8749-1f49479b1395",
    "assignerShortName": "THA-PSIRT",
    "cveId": "CVE-2026-0873",
    "datePublished": "2026-02-04T10:42:14.626Z",
    "dateReserved": "2026-01-13T09:32:07.338Z",
    "dateUpdated": "2026-02-04T14:56:23.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54461 (GCVE-0-2025-54461)

Vulnerability from cvelistv5 – Published: 2025-10-16 08:55 – Updated: 2025-10-16 15:35
VLAI
Summary
ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
Impacted products
Vendor Product Version
NEOJAPAN Inc. ChatLuck Affected: V6.6 R2.0 and earlier
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T13:30:54.701867Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T15:35:43.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ChatLuck",
          "vendor": "NEOJAPAN Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "V6.6 R2.0 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "Insufficient Granularity of Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-16T08:55:03.769Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.chatluck.com/support/package/mainte/pchatluck-%e8%a3%bd%e5%93%81%e3%81%ab%e3%81%8a%e3%81%91%e3%82%8b%e3%80%81%e8%a4%87%e6%95%b0%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e4%b8%8a%e3%81%ae%e5%95%8f%e9%a1%8c%e3%81%ab/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN13030751/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-54461",
    "datePublished": "2025-10-16T08:55:03.769Z",
    "dateReserved": "2025-09-02T01:35:15.755Z",
    "dateUpdated": "2025-10-16T15:35:43.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48517 (GCVE-0-2025-48517)

Vulnerability from cvelistv5 – Published: 2026-02-10 19:08 – Updated: 2026-02-10 21:17
VLAI
Summary
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
AMD
Impacted products
Date Public
2026-02-10 19:05
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48517",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T21:12:25.945690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T21:17:00.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbTurinPI-SP5_1.0.0.1"
            }
          ]
        }
      ],
      "datePublic": "2026-02-10T19:05:28.562Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality. \u003cbr\u003e"
            }
          ],
          "value": "Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220  Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T19:08:21.524Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-48517",
    "datePublished": "2026-02-10T19:08:21.524Z",
    "dateReserved": "2025-05-22T16:34:07.748Z",
    "dateUpdated": "2026-02-10T21:17:00.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48514 (GCVE-0-2025-48514)

Vulnerability from cvelistv5 – Published: 2026-02-10 19:14 – Updated: 2026-02-11 14:54
VLAI
Summary
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1220 - Insufficient Granularity of Access Control
Assigner
AMD
Date Public
2026-02-10 19:06
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48514",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T14:53:48.498282Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T14:54:00.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa++_1.0.0.H"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.H"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.6"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Genoa++_1.0.0.H"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbMilanPI-SP3 v9 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Genoa\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbTurinPI-SP5_1.0.0.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9004 Series Processors (formerly codenamed \"Bergamo\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.C"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbGenoaPI-SP5 1.0.0.C"
            }
          ]
        }
      ],
      "datePublic": "2026-02-10T19:06:14.020Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. \u003cbr\u003e"
            }
          ],
          "value": "Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1220",
              "description": "CWE-1220  Insufficient Granularity of Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T19:14:22.874Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3023.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-48514",
    "datePublished": "2026-02-10T19:14:22.874Z",
    "dateReserved": "2025-05-22T16:34:07.747Z",
    "dateUpdated": "2026-02-11T14:54:00.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design Implementation Testing
  • Access-control-policy protections must be reviewed for design inconsistency and common weaknesses.
  • Access-control-policy definition and programming flow must be tested in pre-silicon, post-silicon testing.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels

An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack.