1. Home
  2. Weaknesses
  3. CWE-266

CWE-266: Incorrect Privilege Assignment

ID CWE-266
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 116
Detail Dashboard Vulnerabilities Web & Social
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Modes of Introduction

Phase Note
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-269 Improper Privilege Management Class Simple Draft
CWE-1000 Research Concepts Draft CWE-286 Incorrect User Management Class Simple Incomplete

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date