CWE-267
Privilege Defined With Unsafe Actions
Description
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-58 · CAPEC-634 · CAPEC-637 · CAPEC-643 · CAPEC-648
CVEs mapped to this weakness (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55968 | Hig | 0.58 | 8.8 | 0.01 | Jan 28, 2025 | An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication… | ||
| CVE-2026-42406 | Hig | 0.57 | 8.7 | 0.00 | May 13, 2026 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of… | ||
| CVE-2026-29646 | Cri | 0.57 | 9.8 | 0.00 | Apr 20, 2026 | In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks… | ||
| CVE-2025-14349 | Hig | 0.57 | 8.8 | 0.00 | Feb 13, 2026 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before… | ||
| CVE-2026-0945 | Hig | 0.57 | 8.8 | 0.00 | Feb 4, 2026 | Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0. | ||
| CVE-2025-2903 | — | Hig | 0.55 | — | 0.00 | Apr 17, 2025 | An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM,… | |
| CVE-2026-2459 | Hig | 0.53 | 8.1 | 0.00 | Feb 24, 2026 | A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so. | ||
| CVE-2026-9560 | Hig | 0.51 | 7.8 | 0.01 | May 26, 2026 | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel | ||
| CVE-2026-27314 | Hig | 0.50 | 8.8 | 0.00 | Apr 7, 2026 | Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD… | ||
| CVE-2024-20411 | Med | 0.44 | 6.7 | 0.00 | Aug 28, 2024 | A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands… | ||
| CVE-2026-6816 | Low | 0.25 | 3.8 | 0.00 | May 28, 2026 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2. | ||
| CVE-2025-26467 | 0.00 | — | 0.00 | Aug 25, 2025 | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on… | |||
| CVE-2025-23015 | 0.00 | — | 0.01 | Feb 4, 2025 | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on… | |||
| CVE-2023-22647 | 0.00 | — | 0.01 | Jun 1, 2023 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being… | |||
| CVE-2023-2983 | 0.00 | — | 0.01 | May 30, 2023 | Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. | |||
| CVE-2019-10170 | — | 0.00 | — | 0.01 | May 8, 2020 | A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary… | ||
| CVE-2019-10169 | — | 0.00 | — | 0.01 | May 8, 2020 | A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions… | ||
| CVE-2017-2616 | Med | 0.00 | 5.5 | 0.00 | Jul 27, 2018 | A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. |
- risk 0.58cvss 8.8epss 0.01
An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication…
- risk 0.57cvss 8.7epss 0.00
A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of…
- risk 0.57cvss 9.8epss 0.00
In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks…
- risk 0.57cvss 8.8epss 0.00
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before…
- risk 0.57cvss 8.8epss 0.00
Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0.
- risk 0.55cvss —epss 0.00
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM,…
- risk 0.53cvss 8.1epss 0.00
A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
- risk 0.51cvss 7.8epss 0.01
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
- risk 0.50cvss 8.8epss 0.00
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD…
- risk 0.44cvss 6.7epss 0.00
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vulnerability is due to insufficient security restrictions when executing commands…
- risk 0.25cvss 3.8epss 0.00
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
- CVE-2025-26467Aug 25, 2025risk 0.00cvss —epss 0.00
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on…
- CVE-2025-23015Feb 4, 2025risk 0.00cvss —epss 0.01
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on…
- CVE-2023-22647Jun 1, 2023risk 0.00cvss —epss 0.01
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being…
- CVE-2023-2983May 30, 2023risk 0.00cvss —epss 0.01
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
- CVE-2019-10170May 8, 2020risk 0.00cvss —epss 0.01
A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary…
- CVE-2019-10169May 8, 2020risk 0.00cvss —epss 0.01
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions…
- risk 0.00cvss 5.5epss 0.00
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.