CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-PHVP-MXHX-W4FP
Vulnerability from github – Published: 2026-06-21 15:31 – Updated: 2026-06-21 15:31Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.
{
"affected": [],
"aliases": [
"CVE-2026-56251"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-21T14:16:24Z",
"severity": "HIGH"
},
"details": "Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.",
"id": "GHSA-phvp-mxhx-w4fp",
"modified": "2026-06-21T15:31:24Z",
"published": "2026-06-21T15:31:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Cap-go/capgo/security/advisories/GHSA-9xqh-f26v-9c9h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56251"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/capgo-privilege-escalation-via-broken-row-level-security-in-org-users"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PHXQ-3M6P-P9Q4
Vulnerability from github – Published: 2022-11-30 12:30 – Updated: 2022-12-02 00:30A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-4232"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-284",
"CWE-434"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-30T12:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability.",
"id": "GHSA-phxq-3m6p-p9q4",
"modified": "2022-12-02T00:30:24Z",
"published": "2022-11-30T12:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4232"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.214590"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PMFH-H23W-38MH
Vulnerability from github – Published: 2025-07-30 00:32 – Updated: 2025-11-03 21:34This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.
{
"affected": [],
"aliases": [
"CVE-2025-43260"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-30T00:15:37Z",
"severity": "MODERATE"
},
"details": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.",
"id": "GHSA-pmfh-h23w-38mh",
"modified": "2025-11-03T21:34:16Z",
"published": "2025-07-30T00:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43260"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124149"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/124150"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jul/33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PMM5-QG55-F45M
Vulnerability from github – Published: 2025-08-14 12:30 – Updated: 2026-04-01 18:35Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16.
{
"affected": [],
"aliases": [
"CVE-2025-54697"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T11:15:51Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16.",
"id": "GHSA-pmm5-qg55-f45m",
"modified": "2026-04-01T18:35:51Z",
"published": "2025-08-14T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54697"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/kadence-woocommerce-email-designer/vulnerability/wordpress-kadence-woocommerce-email-designer-plugin-1-5-16-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PMVV-FV86-573G
Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
{
"affected": [],
"aliases": [
"CVE-2025-62034"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T16:16:09Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through \u003c 1.0.4.",
"id": "GHSA-pmvv-fv86-573g",
"modified": "2026-01-20T15:31:53Z",
"published": "2025-11-06T18:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62034"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Theme/togo/vulnerability/wordpress-togo-theme-1-0-4-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Theme/togo/vulnerability/wordpress-togo-theme-1-0-4-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Theme/togo/vulnerability/wordpress-togo-theme-1-0-4-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PP33-F8RG-G2PQ
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-07-15 12:31Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
{
"affected": [],
"aliases": [
"CVE-2026-12289"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T13:16:29Z",
"severity": "HIGH"
},
"details": "Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.",
"id": "GHSA-pp33-f8rg-g2pq",
"modified": "2026-07-15T12:31:48Z",
"published": "2026-06-16T15:33:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12289"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-61"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12289.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489229"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023443"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39706"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39428"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39142"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39011"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38751"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38506"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33445"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30846"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29940"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27734"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27733"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27717"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQHC-C2MX-835P
Vulnerability from github – Published: 2026-06-08 03:47 – Updated: 2026-06-08 03:47A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-11476"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-08T02:16:23Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-pqhc-c2mx-835p",
"modified": "2026-06-08T03:47:24Z",
"published": "2026-06-08T03:47:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11476"
},
{
"type": "WEB",
"url": "https://github.com/Kushan2k/student-management-system/issues/3"
},
{
"type": "WEB",
"url": "https://github.com/Kushan2k/student-management-system"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-11476"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/833945"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369096"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/369096/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PQPP-CGM6-HX6C
Vulnerability from github – Published: 2025-03-24 06:30 – Updated: 2025-03-24 06:30A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-2686"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-24T06:15:13Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in mingyuefusu \u660e\u6708\u590d\u82cf tushuguanlixitong \u56fe\u4e66\u7ba1\u7406\u7cfb\u7edf up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-pqpp-cgm6-hx6c",
"modified": "2025-03-24T06:30:25Z",
"published": "2025-03-24T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2686"
},
{
"type": "WEB",
"url": "https://gitee.com/mingyuefusu/tushuguanlixitong/issues/IBTS25"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.300703"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.300703"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.521449"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PR54-58F7-QJCC
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1416"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-17T17:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-pr54-58f7-qjcc",
"modified": "2022-05-24T17:42:31Z",
"published": "2022-05-24T17:42:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1416"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PR78-WJ2J-7C98
Vulnerability from github – Published: 2025-04-17 18:31 – Updated: 2026-04-01 18:34Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.
{
"affected": [],
"aliases": [
"CVE-2025-32648"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-17T16:15:48Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in Projectopia Projectopia allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.16.",
"id": "GHSA-pr78-wj2j-7c98",
"modified": "2026-04-01T18:34:50Z",
"published": "2025-04-17T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32648"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/projectopia-core/vulnerability/wordpress-projectopia-project-magement-plugin-5-1-15-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.