CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-GR54-FJX7-FJ9C
Vulnerability from github – Published: 2026-06-08 18:31 – Updated: 2026-06-08 18:31A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.
{
"affected": [],
"aliases": [
"CVE-2026-11555"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T18:16:32Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is assessed as difficult. The exploit is publicly available and might be used.",
"id": "GHSA-gr54-fjx7-fj9c",
"modified": "2026-06-08T18:31:53Z",
"published": "2026-06-08T18:31:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11555"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-11555"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/834824"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369165"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369165/cti"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
},
{
"type": "WEB",
"url": "https://www.notion.so/D-link-DGS-1100-08PD-v1-00-006-3670ed14e5cb80848bc4e3129dfafa29?source=copy_link"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GV86-FJR8-GFWC
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-28 00:31Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
{
"affected": [],
"aliases": [
"CVE-2025-69183"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T17:16:24Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through \u003c= 1.3.9.",
"id": "GHSA-gv86-fjr8-gfwc",
"modified": "2026-01-28T00:31:39Z",
"published": "2026-01-22T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69183"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/hospital-doctor-directory/vulnerability/wordpress-hospital-doctor-directory-plugin-1-3-9-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GV8W-M9X9-CVQJ
Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-20 18:31A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2851"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T18:25:54Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\bus\\controller\\InportController.java of the component Inport Endpoint. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-gv8w-m9x9-cvqj",
"modified": "2026-02-20T18:31:40Z",
"published": "2026-02-20T18:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2851"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/62"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/62#issue-3846670634"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.347087"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.347087"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.754430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GVRQ-2779-X2HW
Vulnerability from github – Published: 2024-10-10 03:30 – Updated: 2024-10-10 03:30The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2024-9519"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-10T02:15:05Z",
"severity": "HIGH"
},
"details": "The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the \u0027save_metabox_form\u0027 function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.",
"id": "GHSA-gvrq-2779-x2hw",
"modified": "2024-10-10T03:30:46Z",
"published": "2024-10-10T03:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9519"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/userplus/trunk/admin/admin-post-metaboxes.php?rev=1627771#L62"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GW66-X3Q6-F7FV
Vulnerability from github – Published: 2024-11-25 18:33 – Updated: 2024-11-25 21:30IBM Jazz Foundation 7.0.2 and 7.0.3
could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.
{
"affected": [],
"aliases": [
"CVE-2023-26280"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-25T16:15:06Z",
"severity": "MODERATE"
},
"details": "IBM Jazz Foundation 7.0.2 and 7.0.3\n\n\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control.",
"id": "GHSA-gw66-x3q6-f7fv",
"modified": "2024-11-25T21:30:50Z",
"published": "2024-11-25T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26280"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7176207"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GW69-97JP-C5GG
Vulnerability from github – Published: 2026-06-15 06:31 – Updated: 2026-06-15 06:31A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-12212"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T04:16:25Z",
"severity": "LOW"
},
"details": "A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-gw69-97jp-c5gg",
"modified": "2026-06-15T06:31:38Z",
"published": "2026-06-15T06:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12212"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-12212"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/832973"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370854"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/370854/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GWP7-PHFM-2677
Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.
{
"affected": [],
"aliases": [
"CVE-2026-1712"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T17:16:29Z",
"severity": "MODERATE"
},
"details": "Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.",
"id": "GHSA-gwp7-phfm-2677",
"modified": "2026-03-25T18:31:48Z",
"published": "2026-03-25T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1712"
},
{
"type": "WEB",
"url": "https://www.hypr.com/trust-center/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GWQG-29R6-J2PQ
Vulnerability from github – Published: 2024-12-13 15:30 – Updated: 2026-04-01 18:32Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0.
{
"affected": [],
"aliases": [
"CVE-2024-54293"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-13T15:15:33Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0.",
"id": "GHSA-gwqg-29r6-j2pq",
"modified": "2026-04-01T18:32:43Z",
"published": "2024-12-13T15:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54293"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ce21-suite/vulnerability/wordpress-ce21-suite-plugin-2-2-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GWR7-G7GQ-M3V3
Vulnerability from github – Published: 2025-04-04 15:31 – Updated: 2026-04-01 18:34Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.
{
"affected": [],
"aliases": [
"CVE-2025-31420"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-04T13:15:46Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.4.2.",
"id": "GHSA-gwr7-g7gq-m3v3",
"modified": "2026-04-01T18:34:28Z",
"published": "2025-04-04T15:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31420"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wpforo/vulnerability/wordpress-wpforo-forum-plugin-2-4-2-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GX4P-PRHW-C28V
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-10-22 12:00An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20264"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269",
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-06T16:15:00Z",
"severity": "HIGH"
},
"details": "An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"id": "GHSA-gx4p-prhw-c28v",
"modified": "2022-10-22T12:00:28Z",
"published": "2022-05-24T19:16:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20264"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932283"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.