Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2026-5215 MEDIUM

D-Link DNS-1550-04 network_mgr.cgi cgi_get_ipv6 access control

CVE-2026-32916 CRITICAL

OpenClaw 2026.3.7 < 2026.3.11 - Authorization Bypass in Plugin Subagent Routes via Synthetic Admin Scopes

CVE-2026-5124 LOW

osrg GoBGP BGP Header bgp.go BGPHeader.DecodeFromBytes access control

CVE-2026-5122 LOW

osrg GoBGP BGP OPEN Message bgp.go DecodeFromBytes access control

CVE-2026-5107 MEDIUM

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

CVE-2026-32922 CRITICAL

OpenClaw < 2026.3.11 - Privilege Escalation via Unvalidated Scope in device.token.rotate

CVE-2026-4990 HIGH

chatwoot Signup Endpoint login improper authorization

CVE-2026-3121 MEDIUM

Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

CVE-2026-4824 HIGH

Enter Software Iperius Backup Backup Job Configuration File privileges management

CVE-2026-32530 HIGH

WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability

CVE-2026-32520 CRITICAL

WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability

CVE-2026-32519 CRITICAL

WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability

CVE-2026-32488 HIGH

WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability

CVE-2026-27051 CRITICAL

WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability

CVE-2026-25414 HIGH

WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

CVE-2026-25334 HIGH

WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability

CVE-2026-24971 CRITICAL

WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

CVE-2026-24968 CRITICAL

WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

CVE-2026-24373 HIGH

WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

CVE-2026-1712 MEDIUM

HYPR Server 10.5.1-10.6.9 - Privilege Escalation via Incorrect Privilege Assignment

CVE-2026-20110 MEDIUM

Cisco IOS XE Software 16.6.1-16.6.10 - Authenticated Denial of Service via Maintenance Mode Command

CVE-2026-4617 HIGH

SourceCodester Patients Waiting Area Queue Management System Patient Check-In api_patient_checkin.php ValidateToken improper authorization

CVE-2026-4548 MEDIUM

mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization

CVE-2026-4514 MEDIUM

PbootCMS Backend UserController.php access control

CVE-2026-27542 CRITICAL

WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability

Previous Page 6 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy