The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,771 vulnerabilities with CWE-269
CVE-2026-8970
HIGH
Firefox < 140.11 and 140.11-150.0 - Privilege Escalation
CVSS 8.8
CVE-2026-8957
HIGH
Firefox < 140.11 and 140.11-140.* and >=151 - Privilege Escalation in Enterprise Policies
CVSS 8.8
CVE-2026-8955
HIGH
Privilege escalation in the DOM: Workers component
CVSS 8.8
CVE-2026-8952
HIGH
Firefox < 151.0.0 and Thunderbird < 151.0.0 - Privilege Escalation in Application Update Component
CVSS 8.8
CVE-2026-32323
HIGH
Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer
CVSS 7.3
CVE-2026-41085
HIGH
Thermo Fisher Scientific Torrent Suite Dx <=5.14.2 - Privilege Escalation
CVSS 8.8
CVE-2026-8719
HIGH
AI Engine for WordPress 3.4.9 - MCP OAuth Privilege Escalation
CVSS 8.8
CVE-2026-45395
HIGH
Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
CVSS 7.2
CVE-2026-45675
HIGH
Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts
CVSS 8.1
CVE-2026-46333
HIGH
ptrace: slightly saner 'get_dumpable()' logic
CVSS 7.1
CVE-2026-6228
HIGH
Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form
CVSS 8.8
CVE-2026-5193
MEDIUM
Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user
CVSS 6.5
CVE-2026-44470
HIGH
Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService
CVSS 7.8
CVE-2026-42289
HIGH
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVSS 8.8
CVE-2026-42844
HIGH
Grav: Low-privileged API users can create super-admin accounts via blueprint-upload
CVSS 8.8
CVE-2026-44224
HIGH
Wiki.js: Privilege Escalation via Missing Group Validation in users.update
CVSS 8.8
CVE-2026-44218
LOW
ciguard: Container image runs as root (no USER directive)
CVSS 3.0
CVE-2026-33821
HIGH
Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
CVSS 7.7
CVE-2026-43886
HIGH
Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access
CVSS 8.2
CVE-2026-41489
HIGH
Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks
CVSS 8.8
CVE-2026-28995
HIGH
iOS and iPadOS < 18.7.9 - Sandbox Escape via Logic Issue
CVSS 8.8
CVE-2026-28976
HIGH
macOS < 26.5 - Unauthorized Root Privilege Escalation
CVSS 7.5
CVE-2026-28919
HIGH
macOS - Privilege Escalation
CVSS 7.8
CVE-2026-28840
HIGH
macOS - Privilege Escalation
CVSS 7.8
CVE-2026-42609
HIGH
Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
CVSS 8.1
Details
Vulnerabilities: 2,771
Exploit Likelihood: Medium