CWE-266 · Incorrect Privilege Assignment
964 CVEs classified under CWE-266 (Incorrect Privilege Assignment). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23800 | Critical | 10.0 | 2026-01-16 | Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from 2.5.2 before 2.6.0. |
| CVE-2025-41115 | Critical | 10.0 | 2025-11-21 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing… |
| CVE-2026-42368 | Critical | 9.9 | 2026-05-04 | A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to… |
| CVE-2026-32922 | Critical | 9.9 | 2026-03-29 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens w… |
| CVE-2026-22907 | Critical | 9.9 | 2026-01-15 | An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. |
| CVE-2025-62645 | Critical | 9.9 | 2025-10-17 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative pr… |
| CVE-2025-10725 | Critical | 9.9 | 2025-09-30 | A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a st… |
| CVE-2025-54049 | Critical | 9.9 | 2025-08-20 | Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP… |
| CVE-2025-26512 | Critical | 9.9 | 2025-03-24 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin… |
| CVE-2019-10940 | Critical | 9.9 | 2020-01-16 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid ses… |
| CVE-2026-56033 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. |
| CVE-2026-56030 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| CVE-2026-56028 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions. |
| CVE-2026-54807 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. |
| CVE-2026-49058 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. |
| CVE-2026-27395 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. |
| CVE-2025-69179 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. |
| CVE-2026-39583 | Critical | 9.8 | 2026-06-15 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. |
| CVE-2026-34901 | Critical | 9.8 | 2026-06-15 | Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. |
| CVE-2026-49060 | Critical | 9.8 | 2026-06-11 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCom… |