CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-WW29-P4P9-HMQP
Vulnerability from github – Published: 2025-03-30 18:30 – Updated: 2025-03-30 18:30A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-2955"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-30T18:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-ww29-p4p9-hmqp",
"modified": "2025-03-30T18:30:24Z",
"published": "2025-03-30T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2955"
},
{
"type": "WEB",
"url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3000RU-ExportIbmsConfig-1b953a41781f80b89397e8c34717eb94?pvs=4"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.302008"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.302008"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.521567"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WW4H-GQQF-68H9
Vulnerability from github – Published: 2026-02-20 18:31 – Updated: 2026-02-20 18:31A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-2849"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-20T17:25:58Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\CacheController.java of the component Cache Sync Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-ww4h-gqqf-68h9",
"modified": "2026-02-20T18:31:40Z",
"published": "2026-02-20T18:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2849"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/60"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse/issues/60#issue-3846666902"
},
{
"type": "WEB",
"url": "https://github.com/yeqifu/warehouse"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.347085"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.347085"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.754428"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WW8C-XJP4-29Q3
Vulnerability from github – Published: 2025-12-05 00:31 – Updated: 2025-12-05 00:31A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-14052"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-05T00:15:48Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-ww8c-xjp4-29q3",
"modified": "2025-12-05T00:31:06Z",
"published": "2025-12-05T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14052"
},
{
"type": "WEB",
"url": "https://github.com/Hwwg/cve/issues/21"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.334368"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.334368"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.694854"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WWWH-93V4-HF5M
Vulnerability from github – Published: 2025-10-22 15:31 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.
{
"affected": [],
"aliases": [
"CVE-2025-60222"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T15:15:59Z",
"severity": "MODERATE"
},
"details": "Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through \u003c= 7.6.0.",
"id": "GHSA-wwwh-93v4-hf5m",
"modified": "2026-01-20T15:31:30Z",
"published": "2025-10-22T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60222"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/sumomemberships/vulnerability/wordpress-sumo-memberships-for-woocommerce-plugin-7-6-0-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/sumomemberships/vulnerability/wordpress-sumo-memberships-for-woocommerce-plugin-7-6-0-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/sumomemberships/vulnerability/wordpress-sumo-memberships-for-woocommerce-plugin-7-6-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WX4Q-8VH8-7998
Vulnerability from github – Published: 2024-12-16 15:31 – Updated: 2026-04-01 18:32Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.
{
"affected": [],
"aliases": [
"CVE-2024-54363"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-16T15:15:09Z",
"severity": "CRITICAL"
},
"details": "Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0.",
"id": "GHSA-wx4q-8vh8-7998",
"modified": "2026-04-01T18:32:49Z",
"published": "2024-12-16T15:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54363"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXFX-H38M-CR9X
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.
This issue affects Cyberduck through 9.1.6 and Mountain Duck through 4.17.5.
{
"affected": [],
"aliases": [
"CVE-2025-41255"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-25T10:15:21Z",
"severity": "HIGH"
},
"details": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5.",
"id": "GHSA-wxfx-h38m-cr9x",
"modified": "2025-06-26T21:31:11Z",
"published": "2025-06-26T21:31:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/iterate-ch/cyberduck/security/advisories/GHSA-vjjc-grpp-m655"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41255"
},
{
"type": "WEB",
"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250325-01_Cyberduck_Mountain_Duck_Certificate_Handling"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X255-QVFV-83JW
Vulnerability from github – Published: 2025-05-23 21:31 – Updated: 2025-05-23 21:31A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API endpoint.
{
"affected": [],
"aliases": [
"CVE-2025-48741"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-23T20:15:25Z",
"severity": "MODERATE"
},
"details": "A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user\u0027s permissions, through a specific API endpoint.",
"id": "GHSA-x255-qvfv-83jw",
"modified": "2025-05-23T21:31:12Z",
"published": "2025-05-23T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48741"
},
{
"type": "WEB",
"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-004.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X339-928H-52PW
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2024-08-27 18:31A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
{
"affected": [],
"aliases": [
"CVE-2024-27460"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:12:33Z",
"severity": "MODERATE"
},
"details": "A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.",
"id": "GHSA-x339-928h-52pw",
"modified": "2024-08-27T18:31:35Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27460"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_9869257-9869285-16/hpsbpy03895"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X3PG-94GM-79P3
Vulnerability from github – Published: 2025-09-26 03:31 – Updated: 2025-09-26 03:31A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-10988"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-26T01:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-x3pg-94gm-79p3",
"modified": "2025-09-26T03:31:06Z",
"published": "2025-09-26T03:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10988"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.325911"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.325911"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.653736"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/19063563"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X3WM-R2CM-WM5Q
Vulnerability from github – Published: 2026-07-10 18:32 – Updated: 2026-07-13 18:30A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-15376"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-10T17:16:54Z",
"severity": "LOW"
},
"details": "A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-x3wm-r2cm-wm5q",
"modified": "2026-07-13T18:30:29Z",
"published": "2026-07-10T18:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15376"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/18l6-Lpvqq1B-ureww1zR5d_nyhZl312q/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://github.com/omarelshopky/cves/tree/main/eleveo/call-recording-software/CVE-2026-15376"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-15376"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/797461"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/377443"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/377443/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.