CWE-269

Medium likelihood

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,771 vulnerabilities with CWE-269
CVE-2026-6750 CRITICAL
Privilege escalation in the Graphics: WebRender component
CVSS 9.8
CVE-2026-31369 LOW
Privilege Bypass in PcManager
CVSS 3.2
CVE-2026-31368 HIGH
Privilege Bypass in AiAssistant
CVSS 7.8
CVE-2026-39386 HIGH
Neko has Self-service Privilege Escalation for Authenticated Users
CVSS 8.8
CVE-2026-29648 HIGH
OpenXiangShan NEMU - Privilege Escalation
CVSS 8.8
CVE-2026-29647 MEDIUM
OpenXiangShan NEMU - Privilege Escalation
CVSS 6.5
CVE-2026-35154 MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Privilege Escalation
CVSS 6.3
CVE-2026-30269 CRITICAL
Doorman 0.1.0/1.0.2 - Privilege Escalation
CVSS 9.9
CVE-2026-40572 CRITICAL
NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange)
CVSS 9.0
CVE-2026-40317 CRITICAL
NovumOS has Privilege Escalation in the Syscall Interface
CVSS 9.3
CVE-2026-40484 CRITICAL
ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function
CVSS 9.1
CVE-2026-40002 MEDIUM
ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.
CVSS 5.0
CVE-2026-23772 HIGH
Dell Storage Manager <8.0.3 - Privilege Escalation
CVSS 7.3
CVE-2026-4880 CRITICAL
Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication
CVSS 9.8
CVE-2026-34393 HIGH
Weblate: Privilege escalation in the user API endpoint
CVSS 8.8
CVE-2026-40291 HIGH
Chamilo LMS has Privilege Escalation via API User Role Modification
CVSS 8.8
CVE-2026-32212 MEDIUM
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-32181 MEDIUM
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVSS 5.5
CVE-2026-38529 HIGH
Webkul Krayin CRM 2.2.x - Auth Bypass
CVSS 8.8
CVE-2026-5144 HIGH
BuddyPress Groupblog <=1.9.3 - Subscriber Privilege Escalation
CVSS 8.8
CVE-2026-33706 HIGH
Chamilo LMS REST API - Student-to-Teacher Privilege Escalation
CVSS 7.1
CVE-2026-35595 HIGH
Vikunja Affected by Privilege Escalation via Project Reparenting
CVSS 8.3
CVE-2026-29923 HIGH
EnTech Taiwan PowerStrip <=3.90.736 - Privilege Escalation
CVSS 7.8
CVE-2026-39961 MEDIUM
Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
CVSS 6.8
CVE-2026-35607 HIGH
File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands
CVSS 8.1