CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,642 vulnerabilities with CWE-269
CVE-2026-29111 MEDIUM
systemd v239-v249 - Memory Corruption
CVSS 5.5
CVE-2026-4314 HIGH
The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module
CVSS 8.8
CVE-2026-3629 HIGH
Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields
CVSS 8.1
CVE-2026-2375 MEDIUM
App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter
CVSS 6.5
CVE-2026-31836 HIGH
Mass Assignment Privilege Escalation in Checkmate
CVSS 8.1
CVE-2026-30888 LOW
Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint
CVSS 2.2
CVE-2026-32760 CRITICAL
File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
CVSS 9.8
CVE-2026-30874 LOW
OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation
CVE-2026-25770 CRITICAL
Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
CVSS 9.1
CVE-2026-32106 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
CVSS 4.7
CVE-2026-2640 MEDIUM
Lenovo PC Manager - Privilege Escalation
CVSS 5.5
CVE-2026-24510 MEDIUM
Dell AWCC <6.12.24.0 - Privilege Escalation
CVSS 6.7
CVE-2026-31852 CRITICAL
Jellyfin jellyfin-ios - Code Injection
CVSS 10.0
CVE-2026-30902 HIGH
Zoom Client for Windows - Privilege Escalation
CVSS 7.8
CVE-2026-1993 HIGH
ExactMetrics 7.1.0-9.0.2 - Privilege Escalation
CVSS 8.8
CVE-2026-2631 CRITICAL
Datalogics Ecommerce Delivery <2.6.60 - Privilege Escalation
CVSS 9.8
CVE-2026-31834 HIGH
Umbraco 15.3.1-16.5.0/17.2.1 - Privilege Escalation
CVSS 7.2
CVE-2026-30960 CRITICAL
rssn - Code Injection
CVE-2026-26416 HIGH
TCS Cognix Recon Client 3.0 - Privilege Escalation
CVSS 8.8
CVE-2026-28548 HIGH
Email App - Info Disclosure
CVSS 7.1
CVE-2026-29127 HIGH
IDC SFX2100 - Privilege Escalation
CVSS 7.8
CVE-2026-29124 HIGH
IDC SFX2100 - Privilege Escalation
CVSS 7.8
CVE-2026-29123 HIGH
IDC SFX2100 - Privilege Escalation
CVSS 7.8
CVE-2026-29122 MEDIUM
IDC SFX2100 - Privilege Escalation
CVSS 5.5
CVE-2026-29121 HIGH
IDC SFX2100 - Privilege Escalation
CVSS 7.8