CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-PCQX-8QWW-7F4V
Vulnerability from github – Published: 2025-12-15 18:30 – Updated: 2026-01-22 18:30A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/redhat-developer/gitops-operator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-13888"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-16T20:11:04Z",
"nvd_published_at": "2025-12-15T16:15:50Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.",
"id": "GHSA-pcqx-8qww-7f4v",
"modified": "2026-01-22T18:30:29Z",
"published": "2025-12-15T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13888"
},
{
"type": "WEB",
"url": "https://github.com/redhat-developer/gitops-operator/pull/897"
},
{
"type": "WEB",
"url": "https://github.com/redhat-developer/gitops-operator/commit/bc6ac3e03d7c8b3db5d8f1770c868396a4c2dcef"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23203"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23206"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:23207"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1017"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-13888"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418361"
},
{
"type": "PACKAGE",
"url": "https://github.com/redhat-developer/gitops-operator"
},
{
"type": "WEB",
"url": "https://github.com/redhat-developer/gitops-operator/releases/tag/v1.16.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenShift GitOps authenticated attackers can obtain cluster root access through forged ArgoCD custom resources"
}
GHSA-PF2V-X6JH-MCXQ
Vulnerability from github – Published: 2024-05-17 12:30 – Updated: 2026-04-01 18:31Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2.
{
"affected": [],
"aliases": [
"CVE-2024-32959"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T10:15:12Z",
"severity": "HIGH"
},
"details": "Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2.",
"id": "GHSA-pf2v-x6jh-mcxq",
"modified": "2026-04-01T18:31:47Z",
"published": "2024-05-17T12:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32959"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/sirv/vulnerability/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-2-arbitrary-option-update-to-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PF8X-2FQC-P3PR
Vulnerability from github – Published: 2025-09-27 00:30 – Updated: 2025-09-27 00:30A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-11048"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T22:15:33Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
"id": "GHSA-pf8x-2fqc-p3pr",
"modified": "2025-09-27T00:30:28Z",
"published": "2025-09-27T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11048"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20%20in%20%60.consulta-dispensas%60%20Endpoint.md"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-11048.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.326085"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.326085"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.659202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PFVG-RVXX-JFRG
Vulnerability from github – Published: 2025-04-30 21:31 – Updated: 2025-04-30 21:31A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-4136"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-30T20:15:21Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-pfvg-rvxx-jfrg",
"modified": "2025-04-30T21:31:50Z",
"published": "2025-04-30T21:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4136"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.306627"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.306627"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.560782"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/18830909"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PFX8-R844-MQR9
Vulnerability from github – Published: 2026-06-01 15:30 – Updated: 2026-06-01 15:30Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation.
This issue affects AIWU: from n/a through 1.4.17.
{
"affected": [],
"aliases": [
"CVE-2026-48879"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T15:16:38Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation.\n\nThis issue affects AIWU: from n/a through 1.4.17.",
"id": "GHSA-pfx8-r844-mqr9",
"modified": "2026-06-01T15:30:42Z",
"published": "2026-06-01T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48879"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ai-copilot-content-generator/vulnerability/wordpress-aiwu-plugin-1-4-17-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGX2-F4QR-R5V5
Vulnerability from github – Published: 2025-10-12 21:30 – Updated: 2025-10-12 21:30A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high complexity. The exploitability is said to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-11641"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-12T19:15:35Z",
"severity": "LOW"
},
"details": "A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high complexity. The exploitability is said to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-pgx2-f4qr-r5v5",
"modified": "2025-10-12T21:30:15Z",
"published": "2025-10-12T21:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11641"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.328052"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.328052"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.661379"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PGXQ-89JQ-23CM
Vulnerability from github – Published: 2025-01-29 03:31 – Updated: 2025-01-29 03:31A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-0802"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-29T02:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-pgxq-89jq-23cm",
"modified": "2025-01-29T03:31:50Z",
"published": "2025-01-29T03:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0802"
},
{
"type": "WEB",
"url": "https://github.com/theanm0l/VulnDB/blob/main/Improper%20Authorization.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.293923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.293923"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.485005"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PH52-WH83-M7PG
Vulnerability from github – Published: 2024-11-27 18:34 – Updated: 2024-11-27 18:34A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2024-11860"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T17:15:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-ph52-wh83-m7pg",
"modified": "2024-11-27T18:34:04Z",
"published": "2024-11-27T18:34:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11860"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1CyjtknGVqn5QO_R1WZX-hoGH8ae5DjRq/view"
},
{
"type": "WEB",
"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Best%20house%20rental%20management%20system%20project%20in%20php/Unauthorized%20Tenant%20Deletion.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.286245"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.286245"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.449684"
},
{
"type": "WEB",
"url": "https://www.sourcecodester.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PHGF-3849-RGJQ
Vulnerability from github – Published: 2026-03-31 12:31 – Updated: 2026-04-06 22:49Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xw77-45gv-p728. This link is maintained to preserve external references.
Original Description
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "2026.3.7"
},
{
"fixed": "2026.3.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-06T22:49:20Z",
"nvd_published_at": "2026-03-31T12:16:28Z",
"severity": "CRITICAL"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xw77-45gv-p728. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution.",
"id": "GHSA-phgf-3849-rgjq",
"modified": "2026-04-06T22:49:20Z",
"published": "2026-03-31T12:31:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32916"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-plugin-subagent-routes-via-synthetic-admin-scopes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: Plugin subagent routes could bypass gateway authorization with synthetic admin scopes",
"withdrawn": "2026-04-06T22:49:20Z"
}
GHSA-PHRM-6C7X-J62R
Vulnerability from github – Published: 2022-10-28 12:00 – Updated: 2022-11-01 12:00A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-3735"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-28T08:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.",
"id": "GHSA-phrm-6c7x-j62r",
"modified": "2022-11-01T12:00:37Z",
"published": "2022-10-28T12:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3735"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.212417"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.