Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

814 vulnerabilities with CWE-266

CVE-2026-5529 MEDIUM

Dromara lamp-cloud DefUserController pageUser improper authorization

CVE-2026-5526 HIGH

Tenda 4G03 Pro httpd access control

CVE-2026-5484 MEDIUM

BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control

CVE-2026-5330 MEDIUM

SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

CVE-2026-5312 MEDIUM

D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

CVE-2026-5311 MEDIUM

D-Link DNS-1550-04 file_center.cgi Webdav_Access_List access control

CVE-2026-5215 MEDIUM

D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

CVE-2026-32916 CRITICAL

OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes

CVE-2026-5124 LOW

osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

CVE-2026-5122 LOW

osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

CVE-2026-5107 MEDIUM

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

CVE-2026-32922 CRITICAL

OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

CVE-2026-4990 HIGH

chatwoot Signup Endpoint login improper authorization

CVE-2026-3121 MEDIUM

Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

CVE-2026-4824 HIGH

Enter Software Iperius Backup Backup Job Configuration File privileges management

CVE-2026-32530 HIGH

WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability

CVE-2026-32520 CRITICAL

WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability

CVE-2026-32519 CRITICAL

WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability

CVE-2026-32488 HIGH

WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability

CVE-2026-27051 CRITICAL

WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability

CVE-2026-25414 HIGH

WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

CVE-2026-25334 HIGH

WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability

CVE-2026-24971 CRITICAL

WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

CVE-2026-24968 CRITICAL

WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

CVE-2026-24373 HIGH

WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Previous Page 2 of 33 Next

Details

Vulnerabilities 814

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy