CWE-732

High likelihood

Incorrect Permission Assignment for Critical Resource

Parent: CWE-285 - Improper Authorization

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

1,661 vulnerabilities with CWE-732
CVE-2026-22768 HIGH
Dell AppSync 4.6.0 - Privilege Escalation
CVSS 7.3
CVE-2026-34450 MEDIUM
Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
CVSS 4.4
CVE-2026-21715 LOW
Node.js 20.x-25.x - Privilege Escalation
CVSS 3.3
CVE-2026-34352 HIGH
TigerVNC <1.16.2 - Privilege Escalation
CVSS 8.5
CVE-2026-3113 MEDIUM
mmctl export download command doesn’t restrict permissions to created file to file owner
CVSS 5.0
CVE-2026-33430 HIGH
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
CVSS 7.3
CVE-2026-4761 HIGH
Unnecessary permissions on private keys of certificates installed by Network and Security Wizard
CVSS 7.5
CVE-2026-28829 MEDIUM
macOS <14.8.5 - Privilege Escalation
CVSS 5.5
CVE-2026-20693 MEDIUM
macOS <14.8.5 - Privilege Escalation
CVSS 4.9
CVE-2026-32048 HIGH
OpenClaw < 2026.3.1 - Sandbox Escape via Cross-Agent sessions_spawn
CVSS 7.5
CVE-2026-32810 MEDIUM
Halloy has insecure file permissions on credential files
CVSS 5.5
CVE-2026-25770 CRITICAL
Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
CVSS 9.1
CVE-2026-28563 MEDIUM
Apache Airflow: DAG authorization bypass
CVSS 4.3
CVE-2026-26929 MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
CVSS 6.5
CVE-2026-29516 MEDIUM
Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
CVSS 4.9
CVE-2026-32704 MEDIUM
SiYuan renderSprig: missing admin check allows any user to read full workspace DB
CVSS 6.5
CVE-2026-3315 HIGH
ASSA ABLOY Visionline <1.33 - Privilege Escalation
CVSS 7.8
CVE-2026-24291 HIGH
Windows Accessibility Infrastructure - Privilege Escalation
CVSS 7.8
CVE-2026-28725 MEDIUM
Acronis Cyber Protect 17 <41186 - Info Disclosure
CVSS 5.5
CVE-2026-29188 CRITICAL
File Browser <2.61.1 - Privilege Escalation
CVSS 9.1
CVE-2026-29126 HIGH
International Data Casting SFX2100 Satellite Receiver - Local Privilege Escalation via World-Writable DHCP Event Script
CVSS 7.8
CVE-2026-29125 MEDIUM
datacast SFX2100 Firmware - Incorrect Permission Assignment for Critical Resource in /etc/resolv.conf
CVSS 4.7
CVE-2026-24732 MEDIUM
BlueSpice 5.1-5.1.3/5.2-5.2.0 - Auth Bypass
CVE-2026-2915 HIGH
HP System Event Utility <3.2.16 - DoS
CVSS 7.1
CVE-2026-2637 HIGH
iBoysoft NTFS for Mac 8.0.0.0 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 1,661
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits