CWE-1268
Policy Privileges are not Assigned Consistently Between Control and Data Agents
BaseDraft
Description
The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-180
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5892 | Med | 0.43 | 6.6 | 0.00 | Apr 8, 2026 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) |