Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1912 vulnerabilities reference this CWE, most recent first.

GHSA-X49R-2376-H28Q

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-15 21:30
VLAI
Details

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-39583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T21:16:47Z",
    "severity": "CRITICAL"
  },
  "details": "Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery \u003c= 2.6.62 versions.",
  "id": "GHSA-x49r-2376-h28q",
  "modified": "2026-06-15T21:30:45Z",
  "published": "2026-06-15T21:30:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39583"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/datalogics/vulnerability/wordpress-datalogics-ecommerce-delivery-plugin-2-6-62-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4FR-7G44-PRW4

Vulnerability from github – Published: 2026-03-08 15:30 – Updated: 2026-03-08 15:30
VLAI
Details

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-08T14:15:54Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.",
  "id": "GHSA-x4fr-7g44-prw4",
  "modified": "2026-03-08T15:30:30Z",
  "published": "2026-03-08T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3737"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_1.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.349715"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.349715"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.767320"
    },
    {
      "type": "WEB",
      "url": "https://www.sourcecodester.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X4XM-FPHX-3VMH

Vulnerability from github – Published: 2025-06-02 06:30 – Updated: 2025-06-02 06:30
VLAI
Details

A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5429"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-02T05:16:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x4xm-fphx-3vmh",
  "modified": "2025-06-02T06:30:32Z",
  "published": "2025-06-02T06:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_install_plugins.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.310762"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.310762"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.584057"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X5GW-XJGF-G6GH

Vulnerability from github – Published: 2025-08-12 03:31 – Updated: 2025-08-12 03:31
VLAI
Details

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-42936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T03:15:26Z",
    "severity": "MODERATE"
  },
  "details": "The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.",
  "id": "GHSA-x5gw-xjgf-g6gh",
  "modified": "2025-08-12T03:31:51Z",
  "published": "2025-08-12T03:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42936"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3602656"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5VR-47XP-GJ5R

Vulnerability from github – Published: 2025-01-31 03:32 – Updated: 2025-01-31 18:31
VLAI
Details

Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-31T03:15:11Z",
    "severity": "HIGH"
  },
  "details": "Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.",
  "id": "GHSA-x5vr-47xp-gj5r",
  "modified": "2025-01-31T18:31:05Z",
  "published": "2025-01-31T03:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46974"
    },
    {
      "type": "WEB",
      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5X2-H3Q5-3CM9

Vulnerability from github – Published: 2023-08-10 03:30 – Updated: 2024-04-04 06:46
VLAI
Details

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-30691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-10T02:15:11Z",
    "severity": "HIGH"
  },
  "details": "Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.",
  "id": "GHSA-x5x2-h3q5-3cm9",
  "modified": "2024-04-04T06:46:21Z",
  "published": "2023-08-10T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30691"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=08"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X629-46CC-7XGW

Vulnerability from github – Published: 2026-06-18 20:15 – Updated: 2026-06-18 20:15
VLAI
Summary
OpenClaw: Active Memory write scope could mutate global config
Details

Summary

Active Memory write scope could mutate global config. In affected versions, a Gateway caller with operator.write access to the affected command could change global configuration without requiring operator.admin.

This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.

Impact

When the affected feature is enabled and reachable, this could apply configuration changes beyond the intended write scope. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.

Patched Versions

The first stable patched version is 2026.5.6.

Mitigations

limit Active Memory write access to trusted operators until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.5.5"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.5.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-53847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T20:15:20Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nActive Memory write scope could mutate global config. In affected versions, a Gateway caller with `operator.write` access to the affected command could change global configuration without requiring `operator.admin`.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw\u0027s trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could apply configuration changes beyond the intended write scope. Practical impact depends on the operator\u0027s configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.6`.\n\n### Mitigations\n\nlimit Active Memory write access to trusted operators until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
  "id": "GHSA-x629-46cc-7xgw",
  "modified": "2026-06-18T20:15:20Z",
  "published": "2026-06-18T20:15:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53847"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Active Memory write scope could mutate global config"
}

GHSA-X645-349V-XWM6

Vulnerability from github – Published: 2024-02-22 00:31 – Updated: 2024-02-22 00:31
VLAI
Details

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-22T00:15:51Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation.",
  "id": "GHSA-x645-349v-xwm6",
  "modified": "2024-02-22T00:31:01Z",
  "published": "2024-02-22T00:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6477"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2270898"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X697-98XP-H39F

Vulnerability from github – Published: 2025-04-13 12:30 – Updated: 2025-04-13 12:30
VLAI
Details

A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-639"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-13T12:15:15Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-x697-98xp-h39f",
  "modified": "2025-04-13T12:30:31Z",
  "published": "2025-04-13T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3537"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.304575"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.304575"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.545859"
    },
    {
      "type": "WEB",
      "url": "https://www.websecurityinsights.my.id/2025/03/tutorials-website-employee-management_28.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X6MM-HVFX-GXP7

Vulnerability from github – Published: 2024-08-14 18:32 – Updated: 2024-08-14 18:32
VLAI
Details

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-42441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.",
  "id": "GHSA-x6mm-hvfx-gxp7",
  "modified": "2024-08-14T18:32:43Z",
  "published": "2024-08-14T18:32:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42441"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.