CWE-280

Improper Handling of Insufficient Permissions or Privileges

Parent: CWE-755 - Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

144 vulnerabilities with CWE-280
CVE-2026-40371 HIGH
Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2026-11764 LOW
pretix - Data Exposed Without Proper Permission
CVE-2026-10549 MEDIUM
Privilege escalation in Yandex Database
CVE-2026-9792 MEDIUM
Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition
CVSS 6.5
CVE-2026-2340 MEDIUM
Samba: vfs_worm does not block directory modification
CVSS 6.5
CVE-2026-44201 MEDIUM
Wagtail: Improper restriction handling on Documents and Images API
CVSS 5.3
CVE-2026-44200 MEDIUM
Wagtail: Improper permission handling when copying pages
CVSS 6.5
CVE-2026-44199 MEDIUM
Wagtail: Improper permission handling when deleting form submissions
CVSS 6.5
CVE-2026-44198 MEDIUM
Wagtail: Improper permission handling when viewing page history
CVSS 4.3
CVE-2026-44197 MEDIUM
Wagtail: Improper permission handling when comparing revisions
CVSS 6.5
CVE-2026-6805 HIGH
Vulnerability on Cryptobox external sharing feature
CVSS 7.5
CVE-2026-20448 MEDIUM
MediaTek chipset MT6765 - Privilege Escalation
CVSS 6.7
CVE-2026-27910 HIGH
Windows Installer Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-24096 HIGH
Insufficient permission validation on multiple REST API Quick Setup endpoints
CVSS 8.8
CVE-2026-2123 HIGH
Privilege escalation vulnerability in Operations Agent
CVSS 7.8
CVE-2026-3190 MEDIUM
Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api
CVSS 4.3
CVE-2026-21736 MEDIUM
Non-privileged Software - Privilege Escalation
CVSS 4.4
CVE-2026-0047 HIGH
ActivityManagerService - Privilege Escalation
CVSS 8.4
CVE-2026-1772 MEDIUM
Hitachi Energy RTU500 Series Firmware 12.7.1-12.7.7 - Unauthenticated Information Disclosure via Browser Developer Tools
CVSS 5.3
CVE-2026-23857 HIGH
Dell Update Package (DUP) Framework <24.12.00 - Privilege Escalation
CVSS 8.2
CVE-2026-20817 HIGH
Windows Error Reporting - Privilege Escalation
CVSS 7.8
CVE-2025-67848 HIGH
Moodle < 4.1.22 - Authentication Bypass via LTI Provider
CVSS 8.1
CVE-2025-46066 CRITICAL
Automai Director <25.2.0 - Privilege Escalation
CVSS 9.9
CVE-2025-64997 MEDIUM
Checkmk - Unauthenticated Information Disclosure via REST API Agent Information Endpoint
CVSS 6.5
CVE-2025-43527 HIGH
macOS Tahoe <26.2 - Privilege Escalation
CVSS 7.8