CWE-269

Exploit likelihood: Medium

Improper Privilege Management

Parent: CWE-284 - Improper Access Control

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

2,772 vulnerabilities with CWE-269
CVE-2026-27899 HIGH
WireGuard Portal <2.1.3 - Privilege Escalation
CVSS 8.8
CVE-2026-22721 MEDIUM
VMware Aria Operations - Privilege Escalation
CVSS 6.2
CVE-2026-2914 HIGH
CyberArk Endpoint Privilege Manager <25.10.0 - Privilege Escalation
CVSS 7.8
CVE-2026-27208 CRITICAL
bleon-ethical/api-gateway-deploy 1.0.0 - Command Injection
CVSS 9.2
CVE-2026-2782 CRITICAL
Firefox <148 & ESR <140.8 - Privilege Escalation
CVSS 9.8
CVE-2026-2780 CRITICAL
Firefox <148 & ESR <140.8 - Privilege Escalation
CVSS 9.8
CVE-2026-2777 CRITICAL
Firefox <148 - Privilege Escalation
CVSS 9.8
CVE-2026-27198 HIGH
Formwork 2.0.0-2.3.3 - Privilege Escalation
CVSS 8.8
CVE-2026-26725 CRITICAL
Print Shop Pro WebDesk 18.34 - Privilege Escalation
CVSS 9.8
CVE-2026-26722 CRITICAL
Key Systems GFMS 20230721a - Privilege Escalation
CVSS 9.4
CVE-2026-1994 CRITICAL
s2Member WordPress Plugin <260127 - Privilege Escalation
CVSS 9.8
CVE-2026-0912 HIGH
Toret Manager Plugin 1.2.7 - Privilege Escalation
CVSS 8.8
CVE-2026-23599 HIGH
HPE Aruba ClearPass OnGuard Linux - Privilege Escalation
CVSS 7.8
CVE-2026-2563 MEDIUM
JingDong JD Cloud Box AX6600 <4.5.1.r4533 - Remote Privilege Escala...
CVSS 6.3
CVE-2026-2562 MEDIUM
JingDong JD Cloud Box AX6600 <4.5.1.r4533 - Remote Privilege Escala...
CVSS 6.3
CVE-2026-2561 MEDIUM
JingDong JD Cloud Box AX6600 <4.5.1.r4533 - Remote Privilege Escala...
CVSS 6.3
CVE-2026-26369 CRITICAL
eNet SMART HOME 2.2.1/2.3.1 - Privilege Escalation
CVSS 9.8
CVE-2026-1750 HIGH
Ecwid by Lightspeed Ecommerce Shopping Cart <7.0.7 - Privilege Esca...
CVSS 8.8
CVE-2026-2144 HIGH
Magic Login Mail or QR Code <2.05 - Privilege Escalation
CVSS 8.1
CVE-2026-24894 HIGH
FrankenPHP <1.11.2 - Info Disclosure
CVSS 7.5
CVE-2026-26010 HIGH
OpenMetadata < 1.11.8 - Unauthenticated JWT Leak via Ingestion Pipeline API
CVSS 7.6
CVE-2026-21533 HIGH KEV
Windows 10/11 Remote Desktop Authenticated Privilege Escalation
CVSS 7.8
CVE-2026-25643 CRITICAL
Frigate < 0.16.4 - Remote Command Execution via go2rtc exec Directive
CVSS 9.1
CVE-2026-23896 HIGH
immich <2.5.0 - Privilege Escalation
CVSS 7.2
CVE-2026-22039 CRITICAL
Kyverno < 1.15.3 - Authenticated Server-Side Request Forgery via Namespaced Policy apiCall
CVSS 9.9