CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,622 vulnerabilities with CWE-732
CVE-2026-40556 LOW
Insecure Directory Permissions in GNU nano Leading to Privilege Abuse
CVE-2026-41366 MEDIUM
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
CVSS 5.5
CVE-2026-35367 LOW
uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions
CVSS 3.3
CVE-2026-35341 HIGH
uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
CVSS 7.1
CVE-2026-6842 LOW
Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
CVSS 2.5
CVE-2026-6386 MEDIUM
Missing large page handling in pmap_pkru_update_range()
CVSS 6.2
CVE-2026-6369 MEDIUM
Exposed Session Token in canonical-livepatch client snap
CVE-2026-22676 HIGH
Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions
CVSS 7.8
CVE-2026-21727 LOW
Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record
CVSS 3.3
CVE-2026-21011 MEDIUM
Samsung Mobile Devices - Privilege Escalation
CVSS 6.8
CVE-2026-4482 MEDIUM
Insight Agent Private Key Information Disclosure via Inherited File Permissions
CVE-2026-28264 LOW
Dell PowerProtect Agent < 20.1.0.0 or later - Information Exposure
CVSS 3.3
CVE-2026-33271 MEDIUM
Acronis True Image < 42902 - Privilege Escalation
CVSS 6.7
CVE-2026-21765 HIGH
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
CVSS 8.8
CVE-2026-22768 HIGH
Dell AppSync 4.6.0 - Privilege Escalation
CVSS 7.3
CVE-2026-34450 MEDIUM
Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
CVSS 4.4
CVE-2026-21715 LOW
Node.js 20.x-25.x - Privilege Escalation
CVSS 3.3
CVE-2026-34352 HIGH
TigerVNC <1.16.2 - Privilege Escalation
CVSS 8.5
CVE-2026-3113 MEDIUM
mmctl export download command doesn’t restrict permissions to created file to file owner
CVSS 5.0
CVE-2026-33430 HIGH
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
CVSS 7.3
CVE-2026-4761 HIGH
Unnecessary permissions on private keys of certificates installed by Network and Security Wizard
CVSS 7.5
CVE-2026-28829 MEDIUM
macOS <14.8.5 - Privilege Escalation
CVSS 5.5
CVE-2026-20693 MEDIUM
macOS <14.8.5 - Privilege Escalation
CVSS 4.9
CVE-2026-32048 HIGH
OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn
CVSS 7.5
CVE-2026-32810 MEDIUM
Halloy has insecure file permissions on credential files
CVSS 5.5
Details
Vulnerabilities 1,622
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits