CWE-276 (Incorrect Default Permissions) — Vulnerability Class 448

448 vulnerabilities are classified as CWE-276 (Incorrect Default Permissions). AI-generated analysis in Chinese is included for each entry.

CWE-276 represents a critical configuration weakness where software installation processes assign overly permissive access rights to files, often granting read, write, and execute privileges to all users. This flaw typically allows malicious actors to modify or replace critical application binaries, configuration files, or scripts without authentication. By altering these unprotected resources, attackers can inject malicious code, escalate privileges, or compromise system integrity, effectively bypassing security controls that rely on file integrity. To mitigate this risk, developers must adhere to the principle of least privilege during deployment. This involves explicitly setting restrictive permissions, such as read-only access for general users and write access only for administrators. Automated installation scripts should verify and enforce these secure defaults, ensuring that sensitive files remain immutable to unauthorized entities and preserving the overall security posture of the deployed environment.

MITRE CWE Description
During installation, installed file permissions are set to allow anyone to modify those files.

Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.

Mitigations (2)
Phase: Architecture and Design, Operation. The architecture needs to restrict access and modification attributes for files to only those users who actually require those actions.
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
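The mitigation above asks installers to verify and enforce restrictive file modes rather than trust the defaults. The following audit routine is an added example, not code from this site or from any of the listed products: it walks an install tree, flags anything writable by users other than the owner, and optionally clears those bits. It also goes one step past the paragraph by treating group-write on /etc/passwd-style files as a finding, the pattern behind several Red Hat entries in the table below. The directory layout, file names and modes in demo() are constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

# Constructed list: files where even group-write is unacceptable (cf. the /etc/passwd CVEs).
GROUP_WRITE_DENIED = {"etc/passwd", "etc/group", "etc/shadow"}


def audit_tree(root, fix=False):
    """Return [(relative path, octal mode, issue)] for entries that non-owners could modify.

    World-writable files and directories are flagged unless the directory carries the
    sticky bit (as /tmp does). With fix=True the group/other write bits are cleared,
    which is what a hardened installer would do after copying files into place.
    """
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if not p.is_symlink()):
        mode = path.stat().st_mode
        rel = path.relative_to(root).as_posix()
        issue = None
        if mode & stat.S_IWOTH and not (path.is_dir() and mode & stat.S_ISVTX):
            issue = "world-writable"
        elif mode & stat.S_IWGRP and rel in GROUP_WRITE_DENIED:
            issue = "group-writable sensitive file"
        if issue:
            findings.append((rel, oct(stat.S_IMODE(mode)), issue))
            if fix:
                path.chmod(stat.S_IMODE(mode) & ~(stat.S_IWGRP | stat.S_IWOTH))
    return findings


def demo():
    """Build a constructed install tree, audit it with fixing on, then re-audit."""
    tmp = Path(tempfile.mkdtemp())
    for d in ("etc", "bin"):
        (tmp / d).mkdir()
        (tmp / d).chmod(0o755)  # explicit so the result does not depend on umask
    bad_script = tmp / "bin" / "uninstall.sh"  # constructed: world-writable script
    bad_script.write_text("#!/bin/sh\necho uninstall\n")
    bad_script.chmod(0o777)
    passwd = tmp / "etc" / "passwd"  # constructed: group-writable sensitive file
    passwd.write_text("root:x:0:0:root:/root:/bin/sh\n")
    passwd.chmod(0o664)
    good = tmp / "bin" / "app"  # constructed: correctly restricted binary
    good.write_text("binary")
    good.chmod(0o755)
    before = audit_tree(tmp, fix=True)
    after = audit_tree(tmp)
    return before, after
```

The check relies on POSIX mode bits, so it is meaningful on Linux and macOS installs; on Windows the equivalent review is of the ACL on the service binary and its directory.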
CVE ID | Title | Product | CVSS | Severity | Published
(values marked "(AI)" carry the page's AI badge; "-" means no severity was given)
CVE-2026-0539 | Local Privilege Escalation in pcvisit service client | pcvisit Remote Host Modul | 7.8 (AI) | High (AI) | 2026-04-22
CVE-2026-6823 | HKUDS OpenHarness Insecure Default Remote Channel Allowlist | OpenHarness | 8.2 | High | 2026-04-21
CVE-2026-6819 | HKUDS OpenHarness Plugin Management Command Exposure | OpenHarness | 8.8 | High | 2026-04-21
CVE-2026-39454 | SKYSEA Client View security vulnerability | SKYSEA Client View | 7.8 (AI) | High (AI) | 2026-04-20
CVE-2026-30811 | Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure | Pandora FMS | 7.5 | - | 2026-04-13
CVE-2026-25203 | SAMSUNG MagicINFO 9 Server security vulnerability | MagicINFO 9 Server | 7.8 | High | 2026-04-10
CVE-2025-58713 | Rhpam: privilege escalation via excessive /etc/passwd permissions | Red Hat Process Automation 7 | 6.4 | Medium | 2026-04-08
CVE-2025-57853 | Web-terminal: privilege escalation via excessive /etc/passwd permissions | Red Hat Web Terminal | 6.4 | Medium | 2026-04-08
CVE-2025-57854 | Osus-operator: privilege escalation via excessive /etc/passwd permissions | Red Hat OpenShift Update Service | 6.4 | Medium | 2026-04-08
CVE-2025-57847 | Ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions | Red Hat Ansible Automation Platform 2 | 6.4 | Medium | 2026-04-08
CVE-2025-57851 | Mce: privilege escalation via excessive /etc/passwd permissions | Multicluster Engine for Kubernetes | 6.4 | Medium | 2026-04-08
CVE-2025-7024 | Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS) | TETRA Connectivity Server (TCS) | 7.3 | High | 2026-04-03
CVE-2026-34450 | Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool | anthropic-sdk-python | 4.4 | - | 2026-03-31
CVE-2025-15615 | Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service | wazuh-manager | 6.5 | Medium | 2026-03-27
CVE-2026-32983 | SSL/TLS Renegotiation DoS in Wazuh Manager authd service | wazuh-manager | 5.8 | Medium | 2026-03-27
CVE-2026-32680 | RATOC RAID Monitoring Manager for Windows security vulnerability | RATOC RAID Monitoring Manager for Windows | 7.8 (AI) | High (AI) | 2026-03-26
CVE-2026-24063 | World-writable uninstall script executed as root in Arturia Software Center | Software Center | 7.8 | - | 2026-03-18
CVE-2016-20029 | ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability | ZKTeco ZKBioSecurity | 6.2 | Medium | 2026-03-15
CVE-2025-57849 | Fuse: privilege escalation via excessive /etc/passwd permissions | Red Hat Fuse 7 | 6.4 | Medium | 2026-03-13
CVE-2025-8766 | Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container | Red Hat Openshift Data Foundation 4 | 6.4 | Medium | 2026-03-13
CVE-2026-26131 | .NET Elevation of Privilege Vulnerability | .NET 10.0 | 7.8 | High | 2026-03-10
CVE-2026-3315 | Local Privilege Escalation Due to Writable Executable in Privileged Visionline Service Path | Visionline | 8.8 (AI) | High (AI) | 2026-03-10
CVE-2026-28267 | Digital Arts i-フィルター security vulnerability | i-フィルター 10 (Windows version only) | 8.1 (AI) | High (AI) | 2026-03-09
CVE-2026-28717 | Acronis Cyber Protect security vulnerability | Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05
CVE-2026-28727 | Acronis Cyber Protect and Acronis Cyber Protect Cloud Agent security vulnerability | Acronis Cyber Protect 17 | 7.8 | - | 2026-03-05
CVE-2026-26034 | Dell UPS Multi-UPS Management Console security vulnerability | UPS Multi-UPS Management Console (MUMC) | 7.8 | - | 2026-03-05
CVE-2026-21423 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.7 | Medium | 2026-03-04
CVE-2026-27653 | Multiple Soliton products security vulnerability | Soliton SecureBrowser for OneGate | 7.8 | - | 2026-02-27
CVE-2026-23703 | Digital Arts FinalCode Client security vulnerability | FinalCode Ver.5 series | 8.4 (AI) | High (AI) | 2026-02-26
CVE-2025-1789 | Genetec Update Service security vulnerability | Genetec Update Service | 7.8 | - | 2026-02-24

Vulnerabilities classified as CWE-276 (Incorrect Default Permissions) account for 448 CVEs. The CWE taxonomy describes the weakness class only; review individual CVEs for product-specific impact.