CWE-266 · Incorrect Privilege Assignment

964 CVEs classified under CWE-266 (Incorrect Privilege Assignment). Browse by severity and year.

Top CVEs for CWE-266
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23800 | Critical | 10.0 | 2026-01-16 | Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from 2.5.2 before 2.6.0. |
| CVE-2025-41115 | Critical | 10.0 | 2025-11-21 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing… |
| CVE-2026-42368 | Critical | 9.9 | 2026-05-04 | A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to… |
| CVE-2026-32922 | Critical | 9.9 | 2026-03-29 | OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing scope to mint tokens w… |
| CVE-2026-22907 | Critical | 9.9 | 2026-01-15 | An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. |
| CVE-2025-62645 | Critical | 9.9 | 2025-10-17 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative pr… |
| CVE-2025-10725 | Critical | 9.9 | 2025-09-30 | A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a st… |
| CVE-2025-54049 | Critical | 9.9 | 2025-08-20 | Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP… |
| CVE-2025-26512 | Critical | 9.9 | 2025-03-24 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin… |
| CVE-2019-10940 | Critical | 9.9 | 2020-01-16 | A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid ses… |
| CVE-2026-56033 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. |
| CVE-2026-56030 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| CVE-2026-56028 | Critical | 9.8 | 2026-06-26 | Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions. |
| CVE-2026-54807 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. |
| CVE-2026-49058 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. |
| CVE-2026-27395 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. |
| CVE-2025-69179 | Critical | 9.8 | 2026-06-17 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. |
| CVE-2026-39583 | Critical | 9.8 | 2026-06-15 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. |
| CVE-2026-34901 | Critical | 9.8 | 2026-06-15 | Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. |
| CVE-2026-49060 | Critical | 9.8 | 2026-06-11 | Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCom… |