CWE-266: Incorrect Privilege Assignment
low-risk
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Abstraction: Base
Common Consequences
Access Control → Gain Privileges or Assume Identity
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-28000 | 9.8 | 88.8% | — |
| CVE-2024-22145 | 8.8 | 48.9% | — |
| CVE-2024-24882 | 9.8 | 48.3% | — |
| CVE-2022-20759 | 8.8 | 13.4% | — |
| CVE-2018-1088 | 8.1 | 10.8% | — |
| CVE-2023-1874 | 7.5 | 4.7% | — |
| CVE-2024-31771 | 7.8 | 3.0% | — |
| CVE-2024-3013 | 6.3 | 2.6% | — |
| CVE-2024-27460 | 6.7 | 2.5% | — |
| CVE-2024-10654 | 5.3 | 2.3% | — |
1 / 100 · low-risk
Active Threat: 1/50 · Minimal
Exploit Availability: 0/50 · Minimal