CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266
CVE-2026-22069 HIGH
O+ Connect Local Privilege Escalation Vulnerability
CVSS 7.3
CVE-2026-8752 MEDIUM
h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control
CVSS 5.3
CVE-2026-8747 MEDIUM
Z-BlogPHP Commend Approval c_system_event.php CheckComment improper authorization
CVSS 6.3
CVE-2026-8743 MEDIUM
Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id improper authorization
CVSS 6.3
CVE-2026-35062 MEDIUM
F5 BIG-IP 21.1.0-21.0.0.1/17.5.1-17.5.1.4/17.1.0-17.1.3.1/16.1.0 Authenticated Info Disclosure via iControl SOAP
CVSS 6.5
CVE-2026-44997 MEDIUM
OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions
CVSS 4.3
CVE-2026-8241 MEDIUM
Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorization
CVSS 5.3
CVE-2026-8233 MEDIUM
Dotouch XproUPF access control
CVSS 4.6
CVE-2026-8148 HIGH
NAVER MYBOX Explorer < 3.0.11.160 - Privilege Escalation via Registry Manipulation
CVSS 7.8
CVE-2026-8127 MEDIUM
eladmin Users API Endpoint UserController.java checkLevel access control
CVSS 6.3
CVE-2026-43510 HIGH
CISA manage.get.gov insecure portfolio administrative privileges
CVSS 7.6
CVE-2026-43535 MEDIUM
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collect-Mode Queue Batches
CVSS 6.8
CVE-2026-42368 CRITICAL
GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability
CVSS 9.9
CVE-2026-7713 MEDIUM
crocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorization
CVSS 6.3
CVE-2026-7709 MEDIUM
janeczku Calibre-Web Endpoint kobo_auth.py generate_auth_token improper authorization
CVSS 6.3
CVE-2026-7686 MEDIUM
eyeo Adblock Plus Legacy Premium Activation premium.preload.js postMessage access control
CVSS 5.3
CVE-2026-7644 HIGH
ChatGPTNextWeb NextChat actions.ts addMcpServer improper authorization
CVSS 7.3
CVE-2026-7631 MEDIUM
code-projects Online Hospital Management System Registration improper authorization
CVSS 5.4
CVE-2026-7602 MEDIUM
JeecgBoot FillRuleUtil edit improper authorization
CVSS 6.3
CVE-2026-7505 HIGH
nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
CVSS 7.3
CVE-2026-7468 HIGH
1024-lab smart-admin Demo Site index.html access control
CVSS 7.3
CVE-2026-5141 HIGH
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
CVSS 8.8
CVE-2026-7292 MEDIUM
o2oa NodeAgent NodeAgent.java syncFile improper authorization
CVSS 5.6
CVE-2026-7142 MEDIUM
Wooey API Endpoint scripts.py add_or_update_script improper authorization
CVSS 6.3
CVE-2026-22337 CRITICAL
WordPress Directorist Social Login plugin < 2.1.4 - Privilege Escalation vulnerability
CVSS 9.8