CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266
CVE-2026-11519 MEDIUM
SourceCodester Inventory System Account Creation users_handler.php improper authorization
CVSS 6.3
CVE-2026-11497 MEDIUM
D-Link DCS-5615 Boa Webserver boa.conf least privilege violation
CVSS 5.3
CVE-2026-11494 MEDIUM
TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation
CVSS 4.3
CVE-2026-11492 MEDIUM
D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
CVSS 4.3
CVE-2026-11476 MEDIUM
Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization
CVSS 6.3
CVE-2026-11466 MEDIUM
zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control
CVSS 5.4
CVE-2026-11462 HIGH
Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
CVSS 7.3
CVE-2026-11441 MEDIUM
theonedev Pull Request issues canAccessIssue improper authorization
CVSS 6.3
CVE-2026-11440 MEDIUM
theonedev REST API default-branch improper authorization
CVSS 6.3
CVE-2026-11439 MEDIUM
theonedev Parent Project projects improper authorization
CVSS 6.3
CVE-2026-11438 MEDIUM
theonedev projects improper authorization
CVSS 6.3
CVE-2026-11336 MEDIUM
tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization
CVSS 6.3
CVE-2026-10876 MEDIUM
SourceCodester Ship Ferry Ticket Reservation System admin improper authorization
CVSS 6.3
CVE-2026-10693 MEDIUM
SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization
CVSS 6.3
CVE-2026-10294 MEDIUM
PackageKit <= 1.3.5 - Improper Authorization via Frontend-Socket Argument
CVSS 4.3
CVE-2026-10285 MEDIUM
DevaslanPHP project-management <= 2.0.0-beta1 - Improper Authorization in KanbanScrumHelper Ticket Handler
CVSS 5.4
CVE-2026-10284 MEDIUM
DevaslanPHP project-management <= 2.0.0-beta1 - Incorrect Privilege Assignment in Livewire Handler
CVSS 5.4
CVE-2026-10282 MEDIUM
Bottelet DaybydayCRM <= 2.2.1 - Incorrect Privilege Assignment in DocumentsController
CVSS 4.3
CVE-2026-10277 MEDIUM
j3k0 mcp-google-workspace - Incorrect Privilege Assignment in Gmail Tool saveToDisk Function
CVSS 6.3
CVE-2026-10272 MEDIUM
a4m4 Student-Management-System deleteform.php improper authorization
CVSS 6.5
CVE-2026-10269 MEDIUM
decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
CVSS 6.3
CVE-2026-48879 CRITICAL
WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability
CVSS 9.8
CVE-2026-42680 CRITICAL
WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
CVSS 9.8
CVE-2026-10255 MEDIUM
SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control
CVSS 5.3
CVE-2026-10236 HIGH
SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization
CVSS 7.3