Skip to main content

CWE-281

Improper Preservation of Permissions

271 CVEs Avg CVSS 6.7 MITRE
24
CRITICAL
120
HIGH
105
MEDIUM
20
LOW
40
POC
1
KEV

Monthly

CVE-2026-58494 Cargo MEDIUM PATCH This Month

Wasmtime's WASI filesystem implementation allows a sandboxed WebAssembly guest to overwrite host files that were intentionally exposed as read-only preopens. The wasmtime-wasi component checks directory-level permissions during hard-link creation (path_link) and rename (path_rename) operations but fails to verify that the source and destination preopens carry matching FilePerms flags - meaning FilePerms::READ enforcement is bypassed at the operation level. Affected versions span multiple major release trains (prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1); no public exploit code or CISA KEV listing is present at time of analysis, but the scope change from guest sandbox to host filesystem makes this a meaningful sandbox-escape class defect.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-4360 LOW PATCH Monitor

CPython's tarfile.extract() silently bypasses the 'filter' parameter when processing hardlinks within tar archives, writing files with attacker-controlled uid/gid values despite the caller specifying filter='data' for security. Systems that extract content from untrusted tar archives while relying on this filter mechanism for ownership hardening are left with unexpected file ownership on extracted hardlinks. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept is available at time of analysis; the CVSS 4.0 score of 2.0 reflects the narrow, low-impact nature of the flaw.

Information Disclosure Cpython
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2026-44947 MEDIUM PATCH This Month

Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after an administrator revokes those permissions from a RoleTemplate, due to a missing cleanup step in the legacy Project Role Template Binding (PRTB) reconciler. Affected versions are Rancher 2.13.0 through 2.13.7 and 2.14.0 through 2.14.3. An attacker with a pre-existing role assignment can continue to bypass PSA policies enforced at the project level, defeating administrative intent and potentially deploying workloads that violate the cluster's security posture. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV.

Authentication Bypass Rancher
NVD GitHub
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-40767 HIGH PATCH This Week

Unauthenticated information disclosure in the wpForo Forum WordPress plugin versions prior to 3.0.2 allows remote attackers to bypass access controls and read forum content that should be restricted. The flaw stems from improper permission preservation (CWE-281), letting unauthenticated users access data intended only for authorized members. No public exploit identified at time of analysis, but a vendor patch is available via Patchstack advisory.

Information Disclosure Wpforo Forum
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-47270 LOW PATCH Monitor

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Synology Information Disclosure
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-24194 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux Information Disclosure Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-34600 MEDIUM PATCH This Month

Unauthorized note disclosure in Joplin server versions 3.5.2 and prior allows authenticated former share recipients to retrieve notes after sharing has been revoked, via two compounding logic errors in the ChangeModel delta API. The first flaw attaches full item content to delta responses without re-verifying current share status; the second incorrectly compresses create → delete event sequences into a NOOP rather than a delete, causing the API to synthesize a create event with full note content for deleted items when those events span separate delta pages. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but confidentiality impact is rated High given that full note content is returned to unauthorized recipients.

Information Disclosure Joplin
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25850 MEDIUM This Month

OpenHarmony v6.0 and prior versions expose sensitive information to local low-privileged attackers due to improper preservation of permissions (CWE-281). A locally authenticated attacker with standard user privileges can exploit this flaw to leak confidential data - achieving high confidentiality impact - without requiring elevated rights or user interaction. No public exploit code or active exploitation has been identified at time of analysis, but the low complexity and no-interaction-required nature of the attack make it straightforward to exploit once access is obtained.

Information Disclosure Openharmony
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-8325 MEDIUM PATCH This Month

Role-based access control bypass in WSO2 API Manager 3.x allows authenticated users with the 'Internal/Everyone' role to invoke Gateway and Internal Service APIs without proper permission enforcement, enabling unauthorized operations on sensitive REST API endpoints. The vulnerability affects multiple WSO2 products including API Control Plane, Universal Gateway, and Traffic Manager. CVSS 6.3 (network-accessible, low complexity, requires valid user credentials) indicates moderate severity with clear lateral privilege escalation potential in multi-tenant environments.

Information Disclosure Wso2 Api Control Plane Wso2 Universal Gateway Wso2 Traffic Manager Wso2 Api Manager +2
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-44832 PHP HIGH PATCH GHSA This Week

{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users. Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1 None.

Privilege Escalation
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wasmtime's WASI filesystem implementation allows a sandboxed WebAssembly guest to overwrite host files that were intentionally exposed as read-only preopens. The wasmtime-wasi component checks directory-level permissions during hard-link creation (path_link) and rename (path_rename) operations but fails to verify that the source and destination preopens carry matching FilePerms flags - meaning FilePerms::READ enforcement is bypassed at the operation level. Affected versions span multiple major release trains (prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1); no public exploit code or CISA KEV listing is present at time of analysis, but the scope change from guest sandbox to host filesystem makes this a meaningful sandbox-escape class defect.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

CPython's tarfile.extract() silently bypasses the 'filter' parameter when processing hardlinks within tar archives, writing files with attacker-controlled uid/gid values despite the caller specifying filter='data' for security. Systems that extract content from untrusted tar archives while relying on this filter mechanism for ownership hardening are left with unexpected file ownership on extracted hardlinks. No active exploitation has been confirmed (not in CISA KEV) and no public proof-of-concept is available at time of analysis; the CVSS 4.0 score of 2.0 reflects the narrow, low-impact nature of the flaw.

Information Disclosure Cpython
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Privilege persistence in SUSE Rancher allows project users to retain Pod Security Admission (PSA) permissions even after an administrator revokes those permissions from a RoleTemplate, due to a missing cleanup step in the legacy Project Role Template Binding (PRTB) reconciler. Affected versions are Rancher 2.13.0 through 2.13.7 and 2.14.0 through 2.14.3. An attacker with a pre-existing role assignment can continue to bypass PSA policies enforced at the project level, defeating administrative intent and potentially deploying workloads that violate the cluster's security posture. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV.

Authentication Bypass Rancher
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated information disclosure in the wpForo Forum WordPress plugin versions prior to 3.0.2 allows remote attackers to bypass access controls and read forum content that should be restricted. The flaw stems from improper permission preservation (CWE-281), letting unauthenticated users access data intended only for authorized members. No public exploit identified at time of analysis, but a vendor patch is available via Patchstack advisory.

Information Disclosure Wpforo Forum
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Synology Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux +2
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Unauthorized note disclosure in Joplin server versions 3.5.2 and prior allows authenticated former share recipients to retrieve notes after sharing has been revoked, via two compounding logic errors in the ChangeModel delta API. The first flaw attaches full item content to delta responses without re-verifying current share status; the second incorrectly compresses create → delete event sequences into a NOOP rather than a delete, causing the API to synthesize a create event with full note content for deleted items when those events span separate delta pages. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but confidentiality impact is rated High given that full note content is returned to unauthorized recipients.

Information Disclosure Joplin
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

OpenHarmony v6.0 and prior versions expose sensitive information to local low-privileged attackers due to improper preservation of permissions (CWE-281). A locally authenticated attacker with standard user privileges can exploit this flaw to leak confidential data - achieving high confidentiality impact - without requiring elevated rights or user interaction. No public exploit code or active exploitation has been identified at time of analysis, but the low complexity and no-interaction-required nature of the attack make it straightforward to exploit once access is obtained.

Information Disclosure Openharmony
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Role-based access control bypass in WSO2 API Manager 3.x allows authenticated users with the 'Internal/Everyone' role to invoke Gateway and Internal Service APIs without proper permission enforcement, enabling unauthorized operations on sensitive REST API endpoints. The vulnerability affects multiple WSO2 products including API Control Plane, Universal Gateway, and Traffic Manager. CVSS 6.3 (network-accessible, low complexity, requires valid user credentials) indicates moderate severity with clear lateral privilege escalation potential in multi-tenant environments.

Information Disclosure Wso2 Api Control Plane Wso2 Universal Gateway +4
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users. Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569, fix was released in v8.4.1 None.

Privilege Escalation
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy