CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,771 vulnerabilities with CWE-269
CVE-2026-28586 LOW
Android 15-16 AppOpsService - Local Information Disclosure
CVSS 3.3
CVE-2026-0091 HIGH
Google Android - Improper Privilege Management
CVSS 7.8
CVE-2026-0089 HIGH
Google Android - Improper Privilege Management
CVSS 7.8
CVE-2026-0086 MEDIUM
Android 16-qpr2 DisableSupervisionActivity - Local Privilege Escalation
CVSS 6.8
CVE-2026-0055 MEDIUM
Android PackageInstallerService - Path Traversal and Local Privilege Escalation via createSessionInternal
CVSS 6.2
CVE-2026-0050 LOW
Android 15-16 AdapterService - Bluetooth Information Disclosure
CVSS 3.3
CVE-2026-0048 MEDIUM
Android 14-16 WindowState - Permission Approval Tapjacking
CVSS 6.8
CVE-2026-0046 MEDIUM
Android 14-16 Letterbox InputInterceptor - Tapjacking Privilege Escalation
CVSS 6.2
CVE-2026-0016 LOW
Android CredentialManagerService - Permissions Bypass and Local Information Disclosure
CVSS 3.3
CVE-2026-0009 HIGH
Android 15-16 - Tapjacking Privilege Escalation
CVSS 7.8
CVE-2026-10217 MEDIUM
nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management
CVSS 6.3
CVE-2026-48210 MEDIUM
OTRS - Possible Information Disclosure via External Interface
CVSS 5.7
CVE-2026-7465 HIGH
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
CVSS 8.8
CVE-2026-47744 CRITICAL
Shopper: Authorization bypass and RBAC privilege escalation in team settings
CVSS 9.9
CVE-2026-45632 CRITICAL
Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution
CVSS 9.9
CVE-2026-45043 CRITICAL
RustFS: ImportIam Allows Creation of Backdoor Service Accounts Under Any Parent Including Root
CVE-2026-9999 HIGH
Google Chrome - Arbitrary Code Execution
CVSS 8.8
CVE-2026-9918 CRITICAL
Google Chrome < 148.0.7778.216 - Sandbox Escape via Tint Implementation
CVSS 9.6
CVE-2026-9892 HIGH
Google Chrome < 148.0.7778.216 - Sandbox Escape via Skia Implementation
CVSS 8.3
CVE-2026-8809 CRITICAL
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVSS 9.8
CVE-2026-46837 HIGH
Oracle Flow Manufacturing 12.2.9-12.2.15 - Authenticated Remote Code Execution via SQL
CVSS 8.8
CVE-2026-46827 HIGH
Oracle Payroll 12.2.3-12.2.15 - Authenticated Remote Code Execution in Self Service Manager
CVSS 8.8
CVE-2026-46824 CRITICAL
Oracle Universal Work Queue 12.2.3-12.2.15 - Remote Code Execution via Work Provider
CVSS 9.9
CVE-2026-46817 CRITICAL
Oracle Payments 12.2.3-12.2.15 - Unauthenticated Remote Code Execution via File Transmission
CVSS 9.8
CVE-2026-44543 HIGH
Local Path Provisioner: HelperPod Template Injection
CVSS 8.7