The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,771 vulnerabilities with CWE-269
CVE-2026-8980
CRITICAL
Mennekes Amtron < 5.22.3 - Privilege Escalation
CVE-2026-6226
HIGH
Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection
CVSS 8.8
CVE-2026-9789
HIGH
NitroSense V3: Security Vulnerability Information
CVE-2026-33552
LOW
Northern.tech Mender Enterprise Server < 4.1.1 - Incorrect Access Control
CVSS 3.7
CVE-2026-46424
MEDIUM
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
CVSS 4.2
CVE-2026-45716
HIGH
Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration
CVSS 8.8
CVE-2026-48926
MEDIUM
Jenkins Job Import Plugin < 143.v044a_2e819b_27 - Improper Privilege Management
CVSS 4.3
CVE-2026-48923
MEDIUM
Jenkins AppSpider Plugin < 1.0.17 - Improper Privilege Management
CVSS 4.3
CVE-2026-8787
HIGH
Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
CVSS 8.8
CVE-2026-9490
MEDIUM
Acer Care Center creates a Named Pipe with a weak Security Descriptor
CVSS 5.5
CVE-2026-9489
HIGH
NitroSense V3: Local Privilege Escalation (LPE) vulnerability
CVE-2026-6898
HIGH
WishList Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key via 'wlm3_generate_api_key' AJAX action
CVSS 8.8
CVE-2026-6897
HIGH
Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action
CVSS 8.8
CVE-2026-6895
HIGH
Wishlist Member < 3.30.1 - Privilege Escalation
CVSS 8.8
CVE-2026-6419
HIGH
Wishlist Member < 3.30.1 - Privilege Escalation
CVSS 8.8
CVE-2026-23663
HIGH
Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability
CVSS 7.5
CVE-2026-40172
HIGH
authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser
CVSS 8.1
CVE-2026-9018
HIGH
Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter
CVSS 8.8
CVE-2026-8327
MEDIUM
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.
CVSS 4.3
CVE-2026-5118
CRITICAL
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
CVSS 9.8
CVE-2026-45254
MEDIUM
FreeBSD 15.0-RELEASE < p9, 14.4-RELEASE < p5, 14.3-RELEASE < p14 - Improper Privilege Management in cap_net Service
CVSS 6.5
CVE-2026-7467
HIGH
Read More & Accordion <= 3.5.7 - Privilege Escalation via importData
CVSS 8.8
CVE-2026-7284
CRITICAL
Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register
CVSS 9.8
CVE-2026-31070
CRITICAL
LalanaChami Pharmacy Management System - Unauthenticated Privilege Escalation via Role Parameter Manipulation
CVSS 9.8
CVE-2026-8972
HIGH
Privilege escalation in the WebRTC: Audio/Video component
CVSS 8.8
Details
Vulnerabilities: 2,771
Exploit Likelihood: Medium