CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266
CVE-2026-1411 MEDIUM
Beetel 777VR1 Firmware < 01.00.09_55 - Incorrect Privilege Assignment via UART Interface
CVSS 6.1
CVE-2026-1193 MEDIUM
MineAdmin 1.x/2.x - Improper Authorization in View Interface
CVSS 6.3
CVE-2026-1141 MEDIUM
PHPGurukul News Portal 1.0 - Incorrect Privilege Assignment in Add Sub-Admin Page
CVSS 6.3
CVE-2026-1112 MEDIUM
PublicCMS < 5.202506.d - Improper Authorization via Trade Address Deletion Endpoint
CVSS 5.4
CVE-2026-1106 MEDIUM
Chamilo LMS <2.0.0 Beta 1 - Auth Bypass
CVSS 5.4
CVE-2026-23800 CRITICAL
Modular DS <2.6.0 - Privilege Escalation
CVSS 10.0
CVE-2026-22916 MEDIUM
SICK TDC-X401GL Firmware - Incorrect Privilege Assignment
CVSS 4.3
CVE-2026-22914 MEDIUM
SICK TDC-X401GL Firmware - Incorrect Privilege Assignment
CVSS 4.3
CVE-2026-22908 CRITICAL
SICK TDC-X401GL Firmware < 1.4.0 - Incorrect Privilege Assignment via Unvalidated Container Image Upload
CVSS 9.1
CVE-2026-22907 CRITICAL
SICK TDC-X401GL Firmware < 1.4.0 - Unauthorized Host Filesystem Access
CVSS 9.9
CVE-2026-23550 CRITICAL
Modular DS <= 2.5.1 - Incorrect Privilege Assignment
CVSS 9.8
CVE-2026-20852 HIGH
Windows Hello < Privilege Escalation
CVSS 7.7
CVE-2026-20804 HIGH
Windows Hello < Privilege Escalation
CVSS 7.7
CVE-2026-0574 MEDIUM
yeqifu warehouse <aaf29962ba407d22d991781de28796ee7b4670e4 - Privil...
CVSS 6.3
CVE-2025-15656 HIGH
WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability
CVSS 8.8
CVE-2025-53209 CRITICAL
WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability
CVSS 9.8
CVE-2025-32747 MEDIUM
Dell PowerFlex Manager (Appliance) - Incorrect Privilege Assignment
CVSS 5.3
CVE-2025-68420 HIGH
Privilege Escalation in Comarch ERP Optima
CVE-2025-15597 MEDIUM
Dataease SQLBot <1.4.0 - Auth Bypass
CVSS 6.3
CVE-2025-33179 HIGH
NVIDIA Cumulus Linux/NVOS - Privilege Escalation
CVSS 8.0
CVE-2025-69378 HIGH
XforWooCommerce Product Filter <=9.1.2 - Privilege Escalation
CVSS 7.2
CVE-2025-14282 MEDIUM
dropbear >=2024.84 <2025.88 - Authenticated Privilege Escalation via Unix Domain Socket Forwarding
CVSS 5.4
CVE-2025-14778 MEDIUM
Keycloak < 26.2.13 - Incorrect Privilege Assignment in UserManagedPermissionService
CVSS 5.4
CVE-2025-13881 LOW
Keycloak Services 26.5.0-26.5.1 - Unauthorized Sensitive Attribute Disclosure via UnmanagedAttributes Endpoint
CVSS 2.7
CVE-2025-69293 HIGH
e-plugins Final User <= 1.2.5 - Privilege Escalation
CVSS 8.8