VYPR

CWE-693

Protection Mechanism Failure

PillarDraft

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-107 · CAPEC-127 · CAPEC-17 · CAPEC-20 · CAPEC-22 · CAPEC-237 · CAPEC-36 · CAPEC-477 · CAPEC-480 · CAPEC-51 · CAPEC-57 · CAPEC-59 · CAPEC-65 · CAPEC-668 · CAPEC-74 · CAPEC-87

CVEs mapped to this weakness (353)

page 5 of 18
  • CVE-2026-45588HigJun 9, 2026
    risk 0.51cvss 7.9epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-0087HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…

  • CVE-2026-0077HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2026-0045HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-48652HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-48649HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-7913HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

  • CVE-2025-31224HigMay 12, 2025
    risk 0.51cvss 7.8epss 0.00

    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences.

  • CVE-2024-20673HigFeb 13, 2024
    risk 0.51cvss 7.8epss 0.01

    Microsoft Office Remote Code Execution Vulnerability

  • CVE-2018-9322HigMay 31, 2018
    risk 0.51cvss 7.8epss 0.01

    The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection…

  • CVE-2018-9320HigMay 31, 2018
    risk 0.51cvss 7.8epss 0.01

    The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

  • CVE-2018-9312HigMay 31, 2018
    risk 0.51cvss 7.8epss 0.01

    The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

  • CVE-2026-47135HigJun 12, 2026
    risk 0.50cvss 8.7epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol…

  • CVE-2026-24425HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.01

    Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PHP callables to sort, filter, map, and reduce filters. Attackers can exploit the…

  • CVE-2026-45227HigMay 12, 2026
    risk 0.50cvss 8.8epss 0.00

    Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover…

  • CVE-2026-41900HigMay 8, 2026
    risk 0.50cvss 8.8epss 0.01

    OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has…

  • CVE-2026-35408HigApr 6, 2026
    risk 0.50cvss 8.7epss 0.00

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the…

  • CVE-2026-33622HigMar 26, 2026
    risk 0.50cvss 8.8epss 0.01

    PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /tabs/{id}/wait` when the request uses `fn` mode, even if…

  • CVE-2025-46358HigJul 11, 2025
    risk 0.50cvss 7.7epss 0.00

    Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

  • CVE-2026-47209HigJun 12, 2026
    risk 0.49cvss 8.6epss 0.00

    vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy (e.g., when…