CWE-268
Privilege Chaining
Description
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
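The practical consequence of this definition is that reviewing each grant in isolation is not enough: the question is what a principal can reach once its grants are combined. The following is an added example, not code from CWE or from any product in the table below. It models privileges as labels, encodes known chaining rules ("holding all of these lets you obtain this one") and computes the transitive closure, so that a sensitive privilege reachable only through a combination is flagged, and a grant-time check can refuse the second half of a dangerous pair. Every privilege name and every rule in it is constructed for illustration; the rules echo the patterns in the CVE list (account creation plus role assignment, a SYSTEM-level task plus a writable script directory, workload creation that escapes to the node) without reproducing any specific product's exploit steps.

```python
"""Privilege-chain reachability check (constructed example for CWE-268).

A grant is a string label. A ChainRule says: a principal holding ALL of
`needs` can obtain `gives`. Taking the fixpoint over the rules yields the
principal's effective privileges, which is what matters for CWE-268: the
combination, not any single grant, is what becomes unsafe.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ChainRule:
    needs: frozenset[str]  # privileges that must all be held
    gives: str             # privilege obtained by combining them
    how: str               # human-readable description of the chain step


# Illustrative rule set; names and chains are invented for this example.
RULES: tuple[ChainRule, ...] = (
    ChainRule(frozenset({"user.create", "role.assign"}), "principal.admin",
              "create a fresh account and assign it the admin role"),
    ChainRule(frozenset({"task.schedule_as_system", "write:/opt/scripts"}), "exec.system",
              "drop a script into the directory a SYSTEM-level task runs from"),
    ChainRule(frozenset({"workload.create"}), "exec.node_root",
              "a workload spec with a hostPath mount or privileged flag escapes to the node"),
    ChainRule(frozenset({"exec.node_root"}), "principal.cluster_admin",
              "read the node's credentials and use them against the control plane"),
)

# Privileges that should never be reachable by chaining from lesser grants.
SENSITIVE: frozenset[str] = frozenset(
    {"principal.admin", "exec.system", "exec.node_root", "principal.cluster_admin"}
)


def effective_privileges(direct: Iterable[str],
                         rules: Iterable[ChainRule] = RULES) -> dict[str, list[str]]:
    """Fixpoint closure over the chain rules.

    Returns {privilege: steps}, where `steps` is the ordered list of rule
    descriptions used to reach that privilege. Direct grants have no steps.
    """
    held: dict[str, list[str]] = {p: [] for p in direct}
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule.gives in held or not rule.needs.issubset(held):
                continue
            # Merge the derivations of every prerequisite, then add this step.
            steps: list[str] = []
            for prereq in sorted(rule.needs):
                for step in held[prereq]:
                    if step not in steps:
                        steps.append(step)
            held[rule.gives] = steps + [rule.how]
            changed = True
    return held


def chain_violations(direct: Iterable[str],
                     rules: Iterable[ChainRule] = RULES,
                     sensitive: frozenset[str] = SENSITIVE) -> dict[str, list[str]]:
    """Sensitive privileges reachable only by chaining (i.e. not granted directly)."""
    effective = effective_privileges(direct, rules)
    return {p: steps for p, steps in effective.items() if p in sensitive and steps}


def safe_to_add(current: Iterable[str], new_priv: str,
                rules: Iterable[ChainRule] = RULES,
                sensitive: frozenset[str] = SENSITIVE) -> bool:
    """Grant-time separation-of-duties check.

    Refuses `new_priv` if adding it makes a sensitive privilege reachable that
    was not reachable before. A direct grant of a sensitive privilege is an
    explicit administrative decision and is not treated as a chain.
    """
    before = set(chain_violations(current, rules, sensitive))
    after = set(chain_violations(set(current) | {new_priv}, rules, sensitive))
    return not (after - before)


if __name__ == "__main__":
    # Each half of the pair is harmless on its own...
    print(chain_violations({"user.create"}))                  # {}
    print(chain_violations({"role.assign"}))                  # {}
    # ...but together they reach admin.
    for priv, steps in chain_violations({"user.create", "role.assign"}).items():
        print(priv, "<-", " ; ".join(steps))
    # A single grant can also start a multi-step chain.
    for priv, steps in chain_violations({"workload.create"}).items():
        print(priv, "<-", " ; ".join(steps))
    # The check an admin UI or IAM policy engine would run before granting.
    print(safe_to_add({"user.create"}, "role.assign"))          # False
    print(safe_to_add({"user.create"}, "user.reset_password"))  # True
```

The closure is what turns a list of individually reviewed grants into the answer to the CWE-268 question; in a real deployment the rule set is the hard part, and it has to be maintained as the product learns new chains (several of the CVEs below are exactly that: a chain nobody had written down).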
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (11)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32445 | — | Critical | 0.57 | 9.9 | 0.01 | — | Apr 15, 2025 | Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The… |
| CVE-2025-7973 | — | High | 0.55 | — | 0.00 | — | Aug 14, 2025 | A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command… |
| CVE-2025-2903 | — | High | 0.55 | — | 0.00 | — | Apr 17, 2025 | An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature can log in via SSH, gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM,… |
| CVE-2026-32325 | — | High | 0.51 | 7.8 | 0.00 | — | Jun 1, 2026 | Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege. |
| CVE-2025-64701 | — | High | 0.51 | 7.8 | 0.00 | — | Dec 11, 2025 | QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered,… |
| CVE-2024-47045 | — | High | 0.51 | 7.8 | 0.00 | — | Sep 26, 2024 | Privilege chaining issue exists in the installer of e-Tax software (common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege. |
| CVE-2026-3888 | — | High | 0.44 | 7.8 | 0.00 | — | Mar 17, 2026 | Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04… |
| CVE-2025-20112 | — | Medium | 0.33 | 5.1 | 0.00 | — | May 21, 2025 | A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to… |
| CVE-2025-32955 | — | Medium | 0.32 | 6.0 | 0.00 | — | Apr 21, 2025 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using… |
| CVE-2023-0759 | — | — | 0.00 | — | 0.00 | — | Feb 9, 2023 | Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. |
| CVE-2021-3932 | — | — | 0.00 | — | 0.00 | — | Nov 13, 2021 | twill is vulnerable to Cross-Site Request Forgery (CSRF). |