CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2026-8110 HIGH
Ivanti Endpoint Manager < 2024 SU6 - Authenticated Privilege Escalation via Incorrect Agent Permissions
CVSS 7.8
CVE-2026-7431 MEDIUM
Ivanti Secure Access Client - Incorrect Permission Assignment for Critical Resource
CVSS 4.4
CVE-2026-32684 LOW
Hikvision Hik-Connect APP - Info Disclosure
CVSS 2.9
CVE-2026-1185 MEDIUM
Axis Communications AB Axis OS < 12.10.36 - Incorrect Permission Assignment for Critical Resource
CVSS 5.4
CVE-2026-0541 MEDIUM
Axis Communications AB Axis OS < 12.9.32 - Incorrect Permission Assignment for Critical Resource
CVSS 6.7
CVE-2026-41489 HIGH
Pi-hole: Local privilege escalation via config-controlled path in root-executed service hooks
CVSS 8.8
CVE-2026-45222 MEDIUM
Summarize Insecure Daemon Configuration File Permissions
CVSS 6.1
CVE-2026-8069 HIGH
PredatorSense V3: Local Privilege Escalation (LPE) vulnerability
CVE-2026-41288 HIGH
WatchGuard Agent on Windows Privilege Escalation Vulnerability
CVSS 7.8
CVE-2026-41686 MEDIUM
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
CVSS 4.4
CVE-2026-42812 CRITICAL
Apache Polaris: No protection on `write.metadata.path`
CVSS 9.9
CVE-2026-6499 LOW
ILM Informatique OpenConcerto 1.7.5 - Privilege Escalation
CVE-2026-41366 MEDIUM
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
CVSS 5.5
CVE-2026-35367 LOW
uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions
CVSS 3.3
CVE-2026-35341 HIGH
uutils coreutils mkfifo Unauthorized Permission Change on Existing Files
CVSS 7.1
CVE-2026-6842 LOW
Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
CVSS 2.5
CVE-2026-6386 MEDIUM
Missing large page handling in pmap_pkru_update_range()
CVSS 6.2
CVE-2026-6369 MEDIUM
Exposed Session Token in canonical-livepatch client snap
CVSS 5.5
CVE-2026-22676 HIGH
Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions
CVSS 7.8
CVE-2026-21727 LOW
Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record
CVSS 3.3
CVE-2026-21011 MEDIUM
Samsung Mobile Devices - Privilege Escalation
CVSS 6.8
CVE-2026-4482 MEDIUM
Insight Agent Private Key Information Disclosure via Inherited File Permissions
CVSS 5.5
CVE-2026-28264 LOW
Dell PowerProtect Agent < 20.1.0.0 - Incorrect Permission Assignment for Critical Resource
CVSS 3.3
CVE-2026-33271 MEDIUM
Acronis True Image < 42902 - Local Privilege Escalation via Insecure Folder Permissions
CVSS 6.7
CVE-2026-21765 HIGH
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
CVSS 8.8