Common Weakness Enumeration

CWE-280

Allowed

Improper Handling of Insufficient Permissions or Privileges

Abstraction: Base · Status: Draft

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

256 vulnerabilities reference this CWE, most recent first.

CVE-2026-62393 (GCVE-0-2026-62393)

Vulnerability from cvelistv5 – Published: 2026-07-14 12:19 – Updated: 2026-07-14 12:31
VLAI
Title
Apache Kylin: Improper authorization in job information retrieval
Summary
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which fixes the issue.
Severity
No CVSS data available.
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Kylin Affected: 4 , ≤ 5.0.3 (semver)
Create a notification for this product.
Credits
Yicheng <yyc2569580673@gmail.com> Haoran Zhao Lei Zhang
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-07-14T12:31:59.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/07/14/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Kylin",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "5.0.3",
              "status": "affected",
              "version": "4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yicheng \u003cyyc2569580673@gmail.com\u003e"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Haoran Zhao"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Lei Zhang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin.\u0026nbsp;Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4 through 5.0.3.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.4, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin.\u00a0Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects.\n\nThis issue affects Apache Kylin: from 4 through 5.0.3.\n\nUsers are recommended to upgrade to version 5.0.4, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T12:19:27.705Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/xg8dcyjw0nkq5y8dhq3r25x3rxc62x9j"
        }
      ],
      "source": {
        "defect": [
          "KYLIN-6090"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Kylin: Improper authorization in job information retrieval",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-62393",
    "datePublished": "2026-07-14T12:19:27.705Z",
    "dateReserved": "2026-07-14T03:33:13.944Z",
    "dateUpdated": "2026-07-14T12:31:59.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54262 (GCVE-0-2026-54262)

Vulnerability from cvelistv5 – Published: 2026-07-01 21:11 – Updated: 2026-07-02 12:42
VLAI
Title
Wagtail: Pages translations can be created without page permissions when using simple_translation
Summary
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.8
Affected: >= 7.1.0, < 7.3.3
Affected: >= 7.4.0, < 7.4.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T12:42:05.464782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:42:13.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1.0, \u003c 7.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.4.0, \u003c 7.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the \"Can submit translation\" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T21:11:27.671Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-8634-mr4j-r72c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-8634-mr4j-r72c"
        }
      ],
      "source": {
        "advisory": "GHSA-8634-mr4j-r72c",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Pages translations can be created without page permissions when using simple_translation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54262",
    "datePublished": "2026-07-01T21:11:27.671Z",
    "dateReserved": "2026-06-12T17:13:32.279Z",
    "dateUpdated": "2026-07-02T12:42:13.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54261 (GCVE-0-2026-54261)

Vulnerability from cvelistv5 – Published: 2026-07-01 21:10 – Updated: 2026-07-02 14:42
VLAI
Title
Wagtail: Improper permission handling in image preview
Summary
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not exposed. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.8
Affected: >= 7.1.0, < 7.3.3
Affected: >= 7.4.0, < 7.4.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T14:42:27.412156Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T14:42:46.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1.0, \u003c 7.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.4.0, \u003c 7.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not exposed. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T21:10:22.800Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-r6p4-grq7-xm4m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-r6p4-grq7-xm4m"
        }
      ],
      "source": {
        "advisory": "GHSA-r6p4-grq7-xm4m",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper permission handling in image preview"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54261",
    "datePublished": "2026-07-01T21:10:22.800Z",
    "dateReserved": "2026-06-12T17:13:32.279Z",
    "dateUpdated": "2026-07-02T14:42:46.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54259 (GCVE-0-2026-54259)

Vulnerability from cvelistv5 – Published: 2026-07-01 21:09 – Updated: 2026-07-02 15:49
VLAI
Title
Wagtail: Improper restriction handling on Documents and Images chosen endpoints
Summary
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could see the filename and name and URLs of documents and images in those collections. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.8
Affected: >= 7.1.0, < 7.3.3
Affected: >= 7.4.0, < 7.4.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54259",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T15:49:11.542992Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T15:49:19.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1.0, \u003c 7.3.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.4.0, \u003c 7.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser\u0027s chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could see the filename and name and URLs of documents and images in those collections. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T21:09:19.800Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-h54r-xq46-qwqm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-h54r-xq46-qwqm"
        }
      ],
      "source": {
        "advisory": "GHSA-h54r-xq46-qwqm",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper restriction handling on Documents and Images chosen endpoints"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54259",
    "datePublished": "2026-07-01T21:09:19.800Z",
    "dateReserved": "2026-06-12T17:13:32.278Z",
    "dateUpdated": "2026-07-02T15:49:19.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45196 (GCVE-0-2026-45196)

Vulnerability from cvelistv5 – Published: 2026-07-10 20:53 – Updated: 2026-07-15 03:59
VLAI
Title
GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel
Summary
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges (4.15)
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.18 RTM2 (custom)
Affected: 23.2 RTM2 (custom)
Affected: 24.2 RTM2 (custom)
Affected: 25.1 RTM2 , ≤ 25.3 RTM (custom)
Affected: 26.1 RTM1 (custom)
Unaffected: 26.1 RTM2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-45196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T03:59:55.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "1.18 RTM2",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "23.2 RTM2",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "24.2 RTM2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "25.3 RTM",
              "status": "affected",
              "version": "25.1 RTM2",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "26.1 RTM1",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "26.1 RTM2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eKernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation.\u003c/p\u003e"
            }
          ],
          "value": "Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-480",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-480: Escaping Virtualization (Version 3.9)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-10T20:53:50.761Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - Arbitrary GPU register write in rgxfw_hwperf_hw due to unsanitized pointers from host kernel",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2026-45196",
    "datePublished": "2026-07-10T20:53:50.761Z",
    "dateReserved": "2026-05-11T10:58:04.162Z",
    "dateUpdated": "2026-07-15T03:59:55.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45195 (GCVE-0-2026-45195)

Vulnerability from cvelistv5 – Published: 2026-06-26 15:18 – Updated: 2026-06-26 19:15
VLAI
Title
GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted
Summary
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges (4.15)
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.18 RTM (custom)
Affected: 23.2 RTM (custom)
Affected: 24.2 RTM (custom)
Affected: 25.1 RTM , ≤ 25.3 RTM (custom)
Affected: 26.1 RTM (custom)
Unaffected: 26.2 RTM (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-45195",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T19:14:26.787970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T19:15:23.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "1.18 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "23.2 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "24.2 RTM",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "25.3 RTM",
              "status": "affected",
              "version": "25.1 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "26.1 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "26.2 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eKernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.\u003c/p\u003e\u003cp\u003eAddresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.\u003c/p\u003e"
            }
          ],
          "value": "Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel.\n\n\n\nAddresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-480",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC - CAPEC-480: Escaping Virtualization (Version 3.9)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges (4.15)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T15:18:20.469Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - rgxfw_set_mips_fault_address(\u0026psInit-\u003esFaultPhysAddr) is untrusted",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2026-45195",
    "datePublished": "2026-06-26T15:18:20.469Z",
    "dateReserved": "2026-05-11T10:58:04.162Z",
    "dateUpdated": "2026-06-26T19:15:23.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44201 (GCVE-0-2026-44201)

Vulnerability from cvelistv5 – Published: 2026-05-11 14:42 – Updated: 2026-05-12 13:45
VLAI
Title
Wagtail: Improper restriction handling on Documents and Images API
Summary
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.7
Affected: >= 7.1, < 7.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T13:45:22.754566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T13:45:39.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1, \u003c 7.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T14:42:22.055Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6"
        }
      ],
      "source": {
        "advisory": "GHSA-p5gm-92h4-6pv6",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper restriction handling on Documents and Images API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44201",
    "datePublished": "2026-05-11T14:42:22.055Z",
    "dateReserved": "2026-05-05T15:13:47.571Z",
    "dateUpdated": "2026-05-12T13:45:39.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44200 (GCVE-0-2026-44200)

Vulnerability from cvelistv5 – Published: 2026-05-11 14:41 – Updated: 2026-05-11 19:07
VLAI
Title
Wagtail: Improper permission handling when copying pages
Summary
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.7
Affected: >= 7.1, < 7.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44200",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T18:54:04.086666Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T19:07:11.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1, \u003c 7.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don\u0027t have access to to an area of the site they do. Once coped, they\u0027d be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T14:41:41.807Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-67rv-mg8q-5pf3"
        }
      ],
      "source": {
        "advisory": "GHSA-67rv-mg8q-5pf3",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper permission handling when copying pages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44200",
    "datePublished": "2026-05-11T14:41:41.807Z",
    "dateReserved": "2026-05-05T15:13:47.570Z",
    "dateUpdated": "2026-05-11T19:07:11.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44199 (GCVE-0-2026-44199)

Vulnerability from cvelistv5 – Published: 2026-05-11 14:40 – Updated: 2026-05-11 18:23
VLAI
Title
Wagtail: Improper permission handling when deleting form submissions
Summary
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.7
Affected: >= 7.1, < 7.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T18:22:48.016044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T18:23:01.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1, \u003c 7.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don\u0027t have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don\u0027t. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T14:40:58.488Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx"
        }
      ],
      "source": {
        "advisory": "GHSA-pwm3-7fv4-g6xx",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper permission handling when deleting form submissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44199",
    "datePublished": "2026-05-11T14:40:58.488Z",
    "dateReserved": "2026-05-05T15:13:47.570Z",
    "dateUpdated": "2026-05-11T18:23:01.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44198 (GCVE-0-2026-44198)

Vulnerability from cvelistv5 – Published: 2026-05-11 14:40 – Updated: 2026-05-11 15:53
VLAI
Title
Wagtail: Improper permission handling when viewing page history
Summary
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
Vendor Product Version
wagtail wagtail Affected: < 7.0.7
Affected: >= 7.1, < 7.3.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T15:53:32.927808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-11T15:53:39.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wagtail",
          "vendor": "wagtail",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.1, \u003c 7.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T14:40:07.186Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6"
        }
      ],
      "source": {
        "advisory": "GHSA-c4mr-889m-vgf6",
        "discovery": "UNKNOWN"
      },
      "title": "Wagtail: Improper permission handling when viewing page history"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44198",
    "datePublished": "2026-05-11T14:40:07.186Z",
    "dateReserved": "2026-05-05T15:13:47.570Z",
    "dateUpdated": "2026-05-11T15:53:39.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation

Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures.

No CAPEC attack patterns related to this CWE.