CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

814 vulnerabilities with CWE-266
CVE-2026-7505 HIGH
nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
CVSS 7.3
CVE-2026-7468 HIGH
1024-lab smart-admin Demo Site index.html access control
CVSS 7.3
CVE-2026-5141 HIGH
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
CVSS 8.8
CVE-2026-7292 MEDIUM
o2oa NodeAgent NodeAgent.java syncFile improper authorization
CVSS 5.6
CVE-2026-7142 MEDIUM
Wooey API Endpoint scripts.py add_or_update_script improper authorization
CVSS 6.3
CVE-2026-22337 CRITICAL
WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability
CVSS 9.8
CVE-2026-7109 MEDIUM
code-projects Invoice System in Laravel API Endpoint item improper authorization
CVSS 5.3
CVE-2026-7093 MEDIUM
code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
CVSS 6.3
CVE-2026-7092 MEDIUM
code-projects Invoice System in Laravel Profile profile improper authorization
CVSS 6.3
CVE-2026-7091 MEDIUM
code-projects Invoice System in Laravel User Management user improper authorization
CVSS 6.3
CVE-2026-6977 HIGH
vanna-ai vanna Legacy Flask API improper authorization
CVSS 7.3
CVE-2026-33519 CRITICAL
Incorrect privilege assignment in Portal for ArcGIS
CVSS 9.8
CVE-2026-33518 CRITICAL
Incorrect privilege assignment in Portal for ArcGIS
CVSS 9.8
CVE-2026-40869 HIGH
Decidim amendments can be accepted or rejected by anyone
CVSS 7.5
CVE-2026-6634 MEDIUM
usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization
CVSS 6.3
CVE-2026-6609 MEDIUM
liangliangyy DjangoBlog views.py form_valid improper authorization
CVSS 6.3
CVE-2026-6572 MEDIUM
Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization
CVSS 5.6
CVE-2026-6564 MEDIUM
EMQ EMQX Enterprise Session Handling improper authorization
CVSS 4.3
CVE-2026-27668 HIGH
Siemens RUGGEDCOM CROSSBOW SAM-P <V5.8 - Privilege Escalation
CVSS 8.8
CVE-2026-6201 MEDIUM
CodeAstro Online Job Portal Delete Job Posting job-delete.php access control
CVSS 5.4
CVE-2026-6105 HIGH
perfree go-fastdfs-web doInstall InstallController.java improper authorization
CVSS 7.3
CVE-2026-5999 MEDIUM
JeecgBoot SysAnnouncementController improper authorization
CVSS 6.3
CVE-2026-27102 MEDIUM
Dell PowerScale OneFS 9.5.0.0-9.10.1.6/9.11.0.0-9.13.0.1 - Privilege Escalation
CVSS 6.6
CVE-2026-5642 HIGH
Cyber-III Student-Management-System HTTP POST Request update.php improper authorization
CVSS 7.3
CVE-2026-5569 HIGH
Technostrobe HI-LED-WR120-G2 Endpoint access control
CVSS 7.3