CWE-286 (Incorrect User Management) — Vulnerability Class 24

24 vulnerabilities classified as CWE-286 (Incorrect User Management). AI Chinese analysis included.

CWE-286 represents a critical user management weakness where software fails to correctly assign or maintain user roles and permissions within its operational environment. This flaw typically manifests when administrators or automated systems incorrectly map users to inappropriate permission groups, granting unintended access rights to sensitive data or system functions. Attackers exploit this vulnerability by manipulating user attributes or leveraging existing misconfigurations to escalate privileges, thereby gaining unauthorized access to resources they should not possess. To prevent such security breaches, developers must implement rigorous validation checks during user provisioning and role assignment processes. Employing the principle of least privilege ensures users receive only the minimum necessary access rights. Additionally, regular audits of user permissions and automated verification of role assignments help maintain integrity, ensuring that user management systems accurately reflect intended security policies and prevent unauthorized privilege escalation.

MITRE CWE Description

The product does not properly manage a user within its environment. Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Common Consequences (1)

Scope: Other; Impact: Varies by Context
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-35638 | OpenClaw < 2026.3.22 - Privilege Escalation via Self-Declared Scopes in Trusted-Proxy Control UI | OpenClaw | 8.8 | High | 2026-04-09
CVE-2025-64725 | Weblate has improper validation upon invitation acceptance | weblate | 4.3 (AI) | Medium (AI) | 2025-12-15
CVE-2025-59943 | phpMyFAQ duplicate email registration allows multiple accounts with the same email | phpMyFAQ | 8.1 | High | 2025-10-03
CVE-2025-7972 | Rockwell Automation FactoryTalk® Linx Network Browser Security Bypass Vulnerability | FactoryTalk® Linx | 9.1 (AI) | Critical (AI) | 2025-08-14
CVE-2024-48853 | Authenticated Escalation to guest to root | ASPECT-Enterprise | 9.0 | Critical | 2025-05-22
CVE-2024-46671 | Fortinet FortiWeb security vulnerability | FortiWeb | 5.6 | Medium | 2025-04-08
CVE-2024-45425 | Zoom Workplace Apps - Incorrect User Management | Zoom Workplace Apps | 4.9 | Medium | 2025-02-25
CVE-2024-6356 | Incorrect User Management in GitLab | GitLab | 4.4 | Medium | 2025-02-05
CVE-2024-13041 | Incorrect User Management in GitLab | GitLab | 4.2 | Medium | 2025-01-09
CVE-2024-52359 | IBM Concert Software improper access controls | Concert Software | 4.3 | Medium | 2024-11-19
CVE-2024-9312 | Authd security vulnerability | Authd | 7.5 | High | 2024-10-10
CVE-2024-28020 | Hitachi FOXMAN-UN security vulnerability | FOXMAN-UN | 8.0 | High | 2024-06-11
CVE-2024-27269 | IBM QRadar SIEM information disclosure | QRadar SIEM | 6.8 | Medium | 2024-05-10
CVE-2023-3907 | Improper User Management in GitLab | GitLab | 4.9 | Medium | 2023-12-17
CVE-2023-3115 | Incorrect User Management in GitLab | GitLab | 5.4 | Medium | 2023-09-29
CVE-2023-3914 | Incorrect User Management in GitLab | GitLab | 5.4 | Medium | 2023-09-29
CVE-2023-20253 | Cisco SD-WAN vManage security vulnerability | Cisco SD-WAN vManage | 7.1 | High | 2023-09-27
CVE-2023-25519 | NVIDIA ConnectX security vulnerability | BlueField 1 | 7.8 | High | 2023-09-12
CVE-2023-3932 | Incorrect User Management in GitLab | GitLab | 5.3 | High | 2023-08-03
CVE-2023-0857 | Security vulnerability in multiple Canon products | Canon Office/Small Office Multifunction Printers and Laser Printers | 5.9 | Medium | 2023-05-11
CVE-2022-45857 | Fortinet FortiManager security vulnerability | FortiManager | 6.0 | Medium | 2023-01-05
CVE-2022-32260 | Siemens SINEMA Remote Connect Server security vulnerability | SINEMA Remote Connect Server | 6.5 | Medium | 2022-06-14
CVE-2021-26262 | Philips MRI 1.5T and 3T Improper Access Control | MRI 1.5T | 6.8 | - | 2021-11-19
CVE-2021-21553 | Dell Technologies Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 7.3 | High | 2021-08-02

Scores and severities marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned.

Vulnerabilities classified as CWE-286 (Incorrect User Management) represent 24 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.