CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,771 vulnerabilities with CWE-269
CVE-2026-12217 HIGH
DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management
CVSS 7.8
CVE-2026-46716 CRITICAL
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
CVSS 9.9
CVE-2026-12018 HIGH
Google Chrome - Privilege Escalation
CVSS 8.8
CVE-2026-45176 HIGH
Idira Endpoint Privilege Manager Agent: Local Privilege Escalation via Internal Communication or File Operation Manipulation
CVE-2026-50570 HIGH
Fission < 1.25.0 PodSpec Validation - CAP_SYS_TIME Privilege Escalation
CVSS 8.5
CVE-2026-50566 CRITICAL
Fission < 1.24.0 Environment Validation - Privileged Pod Creation
CVSS 9.9
CVE-2026-50565 MEDIUM
Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
CVSS 4.9
CVE-2026-50564 CRITICAL
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
CVSS 9.9
CVE-2026-50563 CRITICAL
Fission Container Executor Function PodSpec Injection Leading to Node Escape
CVSS 9.9
CVE-2026-50545 CRITICAL
Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover
CVSS 9.9
CVE-2026-46618 MEDIUM
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
CVE-2026-46617 HIGH
Fission < 1.23.0 Runtime Pods - Service Account Token Exposure
CVE-2026-11616 HIGH
Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation
CVSS 8.8
CVE-2026-44119 MEDIUM
Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
CVSS 5.5
CVE-2026-11423 CRITICAL
Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation
CVE-2026-11308 MEDIUM
Google Chrome - Privilege Escalation
CVSS 6.3
CVE-2026-11296 HIGH
Google Chrome - Privilege Escalation
CVSS 7.5
CVE-2026-11295 HIGH
Google Chrome - Privilege Escalation
CVSS 8.8
CVE-2026-11276 MEDIUM
Google Chrome < 149.0.7827.53 - Discretionary Access Control Bypass via Cast Network Traffic
CVSS 5.1
CVE-2026-11229 MEDIUM
Google Chrome - Privilege Escalation
CVSS 6.1
CVE-2026-11108 HIGH
Google Chrome - Privilege Escalation
CVSS 8.8
CVE-2026-11103 HIGH
Google Chrome - Privilege Escalation
CVSS 7.8
CVE-2026-10868 CRITICAL
MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification
CVE-2026-49189 HIGH
Acer Connect M6E 5G Portable WiFi Router - Broadcast Receiver Privilege Escalation
CVSS 7.8
CVE-2026-8206 CRITICAL
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
CVSS 9.8