
CWE-266: Incorrect Privilege Assignment (Vulnerability Class, 382 CVEs)

382 vulnerabilities are classified as CWE-266 (Incorrect Privilege Assignment). AI-generated Chinese analysis is included on the original listing.

CWE-266 is an access control weakness in which the software assigns an actor a privilege that the actor should not hold, creating an unintended sphere of control. It usually stems from flawed role or permission assignment logic rather than from a missing check at the point of use: a registration or profile-update handler that stores a caller-supplied role, a policy lookup that resolves to the wrong ACL, or a process that raises its privileges and does not reliably drop them. An attacker exploits it by supplying the privileged value directly (a role field in a request body, a crafted session token) and then uses the granted privilege to read sensitive data or invoke administrative functions. The defence is to decide privileges server-side, in one centralized authorization path that is consulted at every sensitive operation and never replaced by client-side validation, and to follow the principle of least privilege so that each actor holds only what its task requires. Code review and automated security testing that specifically look at where privileges are set and changed catch incorrect assignments before deployment.

MITRE CWE Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Common Consequences (1)
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.
Mitigations (2)
Phases: Architecture and Design, Operation. Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Phases: Architecture and Design, Operation. Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Examples (2)
The following C example demonstrates the weakness. The process raises its effective UID to root, runs ordinary code while privileged, and then restores the real UID as the effective UID. Everything between the two calls executes as root, and neither call's return value is checked, so a failure to restore goes unnoticed.

```c
#include <unistd.h>

/* fragment from a setuid-root program that raises privilege for a block of work */
void privileged_section(void)
{
    seteuid(0);          /* effective UID becomes root; return value not checked */
    /* do some stuff */  /* everything here executes with root privilege */
    seteuid(getuid());   /* effective UID set back to the real UID, again unchecked */
}
```
Bad · C

The following Java example demonstrates the weakness. Code inside a doPrivileged block runs with the permissions of the code that calls it, regardless of the permissions of the callers further up the stack, so any caller-influenced code or data inside the block executes with the elevated privilege.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

AccessController.doPrivileged(new PrivilegedAction<Object>() {
    public Object run() {
        // privileged code goes here, for example:
        System.loadLibrary("awt");
        return null; // nothing to return
    }
});
```
Bad · Java
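The summary at the top of the page and MITRE's two mitigations reduce to one rule: the product, not the caller, decides what privilege an actor holds, and it decides in a single place. The following example, added here and not taken from MITRE or from any product in the table below, shows the vulnerable registration pattern (a caller-supplied role stored as-is) next to a hardened account service in which every role change goes through one policy-checked path. The role names, their rank ordering, the request shape and the user names are constructed assumptions for the example.

```python
"""CWE-266 in an account service: a registration handler that stores a
caller-supplied role (the vulnerable pattern), beside a hardened service in
which privileges are assigned only through one server-side policy check.

Example code added to this page, not MITRE's demonstrative code and not taken
from any listed product. Role names, rank ordering and request shape are
constructed assumptions.
"""
from dataclasses import dataclass, field

# Constructed role lattice: a higher rank means more privilege.
ROLE_RANK = {"subscriber": 0, "editor": 1, "administrator": 2}
SELF_REGISTRATION_ROLE = "subscriber"  # least privilege for self-signup


@dataclass
class User:
    name: str
    role: str


@dataclass
class AccountService:
    users: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def register_vulnerable(self, request: dict) -> User:
        """Vulnerable: every submitted field is stored as-is, so a 'role'
        key in the signup request becomes the account's role."""
        role = request.get("role", SELF_REGISTRATION_ROLE)
        user = User(name=request["username"], role=role)
        self.users[user.name] = user
        return user

    def register(self, request: dict) -> User:
        """Hardened: self-registration always yields the least-privileged
        role. A caller-supplied 'role' is recorded for review, never honoured."""
        if "role" in request:
            self.audit.append(
                f"ignored role {request['role']!r} supplied by {request['username']!r}")
        user = User(name=request["username"], role=SELF_REGISTRATION_ROLE)
        self.users[user.name] = user
        return user

    def assign_role(self, actor_name: str, target_name: str, new_role: str) -> None:
        """The single code path that can change a role. Every grant passes
        the same checks, so there is no second handler in which to forget one."""
        actor = self.users[actor_name]
        target = self.users[target_name]
        if new_role not in ROLE_RANK:                     # no unknown role slips through
            raise PermissionError(f"unknown role {new_role!r}")
        if actor.role != "administrator":                 # only administrators grant roles
            raise PermissionError(f"{actor_name} may not assign roles")
        if actor_name == target_name:                     # no self-elevation
            raise PermissionError("self-assignment is not allowed")
        if ROLE_RANK[new_role] > ROLE_RANK[actor.role]:   # cannot grant above own rank
            raise PermissionError(f"{new_role!r} exceeds {actor_name}'s own rank")
        self.audit.append(
            f"{actor_name} changed {target_name}: {target.role!r} -> {new_role!r}")
        target.role = new_role


def demo() -> dict:
    """Replay one attacker signup against both handlers, then attempt the
    escalation through the hardened path; returns the observable outcomes."""
    # Constructed attacker request: an ordinary signup carrying a role field.
    attacker_signup = {"username": "mallory", "role": "administrator"}

    vulnerable = AccountService()
    vulnerable.register_vulnerable(attacker_signup)

    hardened = AccountService()
    hardened.users["alice"] = User("alice", "administrator")  # pre-existing admin
    signup_role = hardened.register(attacker_signup).role
    try:
        hardened.assign_role("mallory", "mallory", "administrator")
        self_escalated = True
    except PermissionError:
        self_escalated = False
    hardened.assign_role("alice", "mallory", "editor")  # legitimate grant by an admin

    return {
        "vulnerable_role": vulnerable.users["mallory"].role,
        "hardened_signup_role": signup_role,
        "self_escalation_succeeded": self_escalated,
        "role_after_admin_grant": hardened.users["mallory"].role,
        "audit": list(hardened.audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable handler is a one-line difference from the hardened one, which is why this class of bug is so common in the plugin advisories listed below: the field is accepted because the data model allows it, not because anyone decided a caller should set it. Centralizing the change in assign_role also gives you a single audit point; the ignored-role entry written by register is a useful detection signal in its own right.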
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-54697 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability | Kadence WooCommerce Email Designer | 7.2 | High | 2025-08-14 |
| CVE-2024-12303 | Incorrect Privilege Assignment in GitLab | GitLab | 6.7 | Medium | 2025-08-13 |
| CVE-2025-53744 | Fortinet FortiOS Security Fabric security vulnerability | FortiOS | 6.8 | High | 2025-08-12 |
| CVE-2025-42936 | Missing Authorization check in SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP | 5.4 | Medium | 2025-08-12 |
| CVE-2025-5999 | Vault Root Namespace Operator May Elevate Token Privileges | Vault | 7.2 | High | 2025-08-01 |
| CVE-2025-2179 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-52836 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability | The E-Commerce ERP | 9.8 | Critical | 2025-07-16 |
| CVE-2025-0140 | GlobalProtect App: Non Admin User Can Disable the GlobalProtect App | GlobalProtect App | 7.1 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-0139 | Autonomous Digital Experience Manager: Privilege Escalation (PE) Vulnerability | Autonomous Digital Experience Manager | 7.8 (AI) | High (AI) | 2025-07-09 |
| CVE-2025-27028 | Read access of deprivileged Radiflow iSAP Smart Collector user | iSAP Smart Collector | 6.8 | Medium | 2025-07-09 |
| CVE-2025-43001 | Multiple Privilege Escalation Vulnerabilities in SAPCAR | SAPCAR | 6.9 | Medium | 2025-07-08 |
| CVE-2025-42992 | Multiple Privilege Escalation Vulnerabilities in SAPCAR | SAPCAR | 6.9 | Medium | 2025-07-08 |
| CVE-2025-23970 | WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability | Service Finder Booking | 9.8 | Critical | 2025-07-04 |
| CVE-2025-49867 | WordPress RealHomes theme <= 4.4.0 - Privilege Escalation vulnerability | RealHomes | 9.8 | Critical | 2025-07-04 |
| CVE-2025-52726 | WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability | CouponXxL Custom Post Types | 8.6 | High | 2025-06-27 |
| CVE-2025-41255 | Cyberduck and Mountain Duck - Improper Certificate Store Handling | Cyberduck | 8.0 | High | 2025-06-25 |
| CVE-2025-23260 | NVIDIA AIStore security vulnerability | AIStore | 5.0 | Medium | 2025-06-24 |
| CVE-2025-49580 | XWiki allows privilege escalation through link refactoring | xwiki-platform | 9.3 (AI) | Critical (AI) | 2025-06-13 |
| CVE-2025-4228 | Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability | Cortex XDR Broker VM | 7.2 (AI) | High (AI) | 2025-06-12 |
| CVE-2025-4922 | Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job | Nomad | 8.1 | High | 2025-06-11 |
| CVE-2025-23974 | WordPress One-Login plugin <= 1.4 - Privilege Escalation Vulnerability | One-Login | 8.1 | High | 2025-06-09 |
| CVE-2025-47561 | WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability | MapSVG | 8.8 | High | 2025-06-09 |
| CVE-2025-48129 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Privilege Escalation Vulnerability | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 9.8 | Critical | 2025-06-09 |
| CVE-2025-5791 | Users: `root` appended to group listings | | 7.1 | High | 2025-06-06 |
| CVE-2025-48911 | Huawei HarmonyOS security vulnerability | HarmonyOS | 8.2 | High | 2025-06-06 |
| CVE-2025-4493 | Devolutions Server security vulnerability | Server | 7.1 (AI) | High (AI) | 2025-05-28 |
| CVE-2025-31918 | WordPress Simple Business Directory Pro plugin < 15.6.9 - Privilege Escalation vulnerability | Simple Business Directory Pro | 9.8 | Critical | 2025-05-23 |
| CVE-2025-39489 | WordPress CouponXL theme <= 4.5.0 - Privilege Escalation Vulnerability | CouponXL | 9.8 | Critical | 2025-05-23 |
| CVE-2025-47539 | WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability | Eventin | 9.8 | Critical | 2025-05-23 |
| CVE-2025-47631 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability | Hospital Management System | 8.8 | High | 2025-05-23 |

Scores and severities marked (AI) carry an "AI" flag on the original listing; the others are shown there without that flag. The product column is left empty where the listing gave none.

CWE-266 (Incorrect Privilege Assignment) covers 382 CVEs in this database; the table above shows a subset. The CWE entry describes the weakness class; review each individual CVE for product-specific impact.