CWE-732
High likelihood
Incorrect Permission Assignment for Critical Resource
Parent: CWE-285 - Improper Authorization
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
1,661 vulnerabilities with CWE-732
CVE-2026-0271
MEDIUM
Prisma Access Agent: Local Privilege Escalation by Authorized Users
CVE-2026-50570
HIGH
Fission < 1.25.0 PodSpec Validation - CAP_SYS_TIME Privilege Escalation
CVSS 8.5
CVE-2026-26422
HIGH
Clash Verge REV Clash-verge-service-ipc < 2.3.0 - Incorrect Permission Assignment for Critical Resource
CVSS 8.4
CVE-2026-50590
MEDIUM
Mimecast Incydr < 2.6.0 - Incorrect Permission Assignment for Critical Resource
CVSS 4.5
CVE-2026-10997
MEDIUM
Google Chrome < 149.0.7827.53 - Insufficient Policy Enforcement in Extensions
CVSS 6.5
CVE-2026-10840
HIGH
OpenShift Pipelines Operator - Authenticated Resource Write Access
CVSS 7.1
CVE-2026-50209
HIGH
Acer Connect M6E 5G Portable WiFi Router - MDM Server Registration Overriding
CVSS 7.8
CVE-2026-10591
HIGH
Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths
CVSS 8.8
CVE-2026-27788
HIGH
Fsas Technologies Inc. ServerView Agents For Windows - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2026-9508
CRITICAL
Suprema BioStar 2 Server - Public Backup File Exposure
CVE-2026-8070
HIGH
Asus Armoury Crate < 6.4.12 - Incorrect Permission Assignment for Critical Resource
CVE-2026-7480
HIGH
Asus System Control Interface - Incorrect Permission Assignment for Critical Resource
CVE-2026-45353
HIGH
electerm: Local code through electerm's single-instance socket
CVSS 7.8
CVE-2026-9789
HIGH
NitroSense V3: Security Vulnerability Information
CVE-2026-2254
MEDIUM
Hitachi Vantara Pentaho Data Integration & Analytics - Incorrect Permission Assignment for Critical Resource
CVSS 6.3
CVE-2026-25112
HIGH
Genetec RabbitMQ - Incorrect Permission Assignment for Critical Resource
CVSS 7.8
CVE-2026-42497
HIGH
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
CVSS 7.5
CVE-2026-9489
HIGH
NitroSense V3: Local Privilege Escalation (LPE) vulnerability
CVE-2026-45246
MEDIUM
Summarize < 0.15.1 Insecure File Permissions Information Disclosure
CVSS 5.5
CVE-2026-8612
MEDIUM
WWW::Mechanize::Cached < 2.00 - Local Code Execution via Cache Response Forgery
CVSS 5.3
CVE-2026-42937
MEDIUM
F5 BIG-IP and BIG-IQ - Authenticated Information Disclosure via TMOS Shell arp/ndp Commands and iControl REST
CVSS 6.5
CVE-2026-42058
MEDIUM
F5 BIG-IP 16.1.0-21.1.0 - Authenticated Information Disclosure via iControl REST
CVSS 4.3
CVE-2026-41959
MEDIUM
F5 BIG-IP and BIG-IQ - Authenticated Information Disclosure via TMOS Shell and iControl REST
CVSS 6.5
CVE-2026-41217
HIGH
F5 BIG-IP tmsh - Privileged Command Execution
CVSS 7.9
CVE-2026-40462
MEDIUM
F5 BIG-IP 16.1.0-17.1.3.0 17.5.0-17.5.1.3 21.0.0-21.0.0 21.1.0+ - Authenticated Information Disclosure
CVSS 6.5
Details
Vulnerabilities: 1,661
Exploit Likelihood: High