CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,772 vulnerabilities with CWE-269
CVE-2026-0920 CRITICAL
LA-Studio Element Kit - Privilege Escalation
CVSS 9.8
CVE-2026-23990 MEDIUM
Flux Operator <0.40.0 - Privilege Escalation
CVSS 5.3
CVE-2026-21983 HIGH
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Privilege Escalation
CVSS 7.5
CVE-2026-21981 MEDIUM
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Authenticated Unauthorized Data Access and Partial Denial of Service
CVSS 4.6
CVE-2026-21963 MEDIUM
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Authenticated Unauthorized Data Access
CVSS 6.0
CVE-2026-21957 HIGH
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Privilege Escalation in Core Component
CVSS 7.5
CVE-2026-21223 HIGH
Microsoft Edge - Privilege Escalation
CVSS 7.1
CVE-2026-1010 HIGH
Altium On-Prem Enterprise Server - Authenticated Stored Cross-Site Scripting via Workflow Form Submission
CVSS 8.0
CVE-2026-23477 HIGH
Rocket.Chat <6.12.0 - Info Disclosure
CVSS 7.7
CVE-2026-22708 CRITICAL
Cursor < 2.3 - Environment Variable Manipulation via Shell Built-in Execution
CVSS 9.8
CVE-2026-22238 CRITICAL
BLUVOYIX - Unauthenticated Privilege Escalation via Admin API
CVSS 9.8
CVE-2026-22804 HIGH
Termix 1.7.0-1.9.0 - Stored Cross-Site Scripting via SVG File Preview
CVSS 8.0
CVE-2026-22043 CRITICAL
RustFS 1.0.0-alpha.13-1.0.0-alpha.78 - Privilege Escalation via Flawed IAM deny_only Short-Circuit
CVSS 9.8
CVE-2026-22536 HIGH
Sudo <unknown> - Privilege Escalation
CVE-2025-31272 HIGH
Apple macOS < 15.4 - Improper Privilege Management
CVSS 7.8
CVE-2025-6254 CRITICAL
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
CVSS 9.8
CVE-2025-5088 HIGH
Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
CVSS 8.3
CVE-2025-43306 HIGH
macOS < 14.8, < 15.7, < 26 - Privilege Escalation
CVSS 7.8
CVE-2025-62625 MEDIUM
AMD Ryzen™ 4000 Series Mobile Processors With Radeon™ Graphics - Improper Privilege Management
CVE-2025-13618 CRITICAL
Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration
CVSS 9.8
CVE-2025-52347 HIGH
PassMark BurnInTest 11.0 Build 1011 - Privilege Escalation
CVSS 7.8
CVE-2025-69689 HIGH
Fan Control - Improper Privilege Management
CVSS 8.8
CVE-2025-70795 MEDIUM
Safetica STProcessMonitor 11.11.4.0 - Authenticated Denial of Service via IOCTL Handler
CVSS 5.5
CVE-2025-70888 CRITICAL
Osslsigncode <=2.10 - Privilege Escalation
CVSS 9.8
CVE-2025-70887 HIGH
Signify <0.9.2 - Privilege Escalation
CVSS 8.8