CWE-276
Incorrect Default Permissions
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-127 · CAPEC-81
CVEs mapped to this weakness (474)
page 8 of 24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1844 | Hig | 0.51 | 7.8 | 0.01 | Dec 31, 2002 | Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | ||
| CVE-2001-0497 | Hig | 0.51 | 7.8 | 0.00 | Jul 21, 2001 | dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | ||
| CVE-2026-6819 | Hig | 0.50 | 8.8 | 0.00 | Apr 21, 2026 | HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and… | ||
| CVE-2025-61035 | — | Hig | 0.50 | 7.7 | 0.00 | Oct 22, 2025 | The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written… | |
| CVE-2025-53947 | — | Hig | 0.50 | 7.7 | 0.00 | Sep 18, 2025 | A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content. | |
| CVE-2024-52946 | Hig | 0.50 | 8.8 | 0.00 | Nov 18, 2024 | An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. | ||
| CVE-2024-36495 | Hig | 0.50 | 7.7 | 0.00 | Jun 24, 2024 | The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect… | ||
| CVE-2024-27155 | — | Hig | 0.50 | 7.7 | 0.00 | Jun 14, 2024 | The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the… | |
| CVE-2025-13025 | Hig | 0.49 | 7.5 | 0.00 | Nov 11, 2025 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145. | ||
| CVE-2024-55950 | Hig | 0.49 | — | 0.00 | Dec 26, 2024 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application… | ||
| CVE-2024-49202 | Hig | 0.49 | 7.6 | 0.00 | Dec 18, 2024 | Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | ||
| CVE-2024-44786 | Hig | 0.49 | 7.5 | 0.01 | Nov 22, 2024 | Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | ||
| CVE-2024-28058 | Hig | 0.49 | 7.5 | 0.00 | Nov 18, 2024 | In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data. | ||
| CVE-2024-36063 | Hig | 0.49 | 7.5 | 0.00 | Nov 7, 2024 | The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component. | ||
| CVE-2023-23976 | Hig | 0.49 | 7.5 | 0.00 | Apr 24, 2024 | Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | ||
| CVE-2023-5042 | Hig | 0.49 | 7.5 | 0.00 | Sep 20, 2023 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575. | ||
| CVE-2018-8848 | Hig | 0.49 | 7.5 | 0.02 | Sep 26, 2018 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | ||
| CVE-2017-4975 | Hig | 0.49 | 7.5 | 0.01 | Jun 13, 2017 | An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | ||
| CVE-2026-33590 | Hig | 0.48 | — | 0.00 | May 28, 2026 | Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root… | ||
| CVE-2026-33572 | Hig | 0.48 | 8.4 | 0.00 | Mar 29, 2026 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output. |
- risk 0.51cvss 7.8epss 0.01
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
- risk 0.51cvss 7.8epss 0.00
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
- risk 0.50cvss 8.8epss 0.00
HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and…
- risk 0.50cvss 7.7epss 0.00
The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written…
- risk 0.50cvss 7.7epss 0.00
A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content.
- risk 0.50cvss 8.8epss 0.00
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
- risk 0.50cvss 7.7epss 0.00
The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect…
- risk 0.50cvss 7.7epss 0.00
The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the…
- risk 0.49cvss 7.5epss 0.00
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
- risk 0.49cvss —epss 0.00
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application…
- risk 0.49cvss 7.6epss 0.00
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0.
- risk 0.49cvss 7.5epss 0.01
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.
- risk 0.49cvss 7.5epss 0.00
In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.
- risk 0.49cvss 7.5epss 0.00
The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.
- risk 0.49cvss 7.5epss 0.00
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
- risk 0.49cvss 7.5epss 0.00
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713, Acronis True Image OEM (Windows) before build 42575.
- risk 0.49cvss 7.5epss 0.02
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
- risk 0.48cvss —epss 0.00
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root…
- risk 0.48cvss 8.4epss 0.00
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output.