Skip to main content

CWE-284

Improper Access Control

4250 CVEs Avg CVSS 6.6 MITRE
565
CRITICAL
1448
HIGH
1866
MEDIUM
364
LOW
882
POC
31
KEV

Monthly

CVE-2026-20150 HIGH This Week

Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.8
CVE-2026-47164 HIGH PATCH This Week

Authentication bypass (account takeover) in Vaultwarden before 1.36.0 allows an attacker who controls a federated identity provider identity to log in as an arbitrary local user by asserting that user's email address. The flaw exists because the SSO login flow validated the IdP 'email_verified' claim only during new-user creation, but skipped it when SSO_SIGNUPS_MATCH_EMAIL=true linked an incoming IdP identity to a pre-existing local account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 1.36.0.

Authentication Bypass Vaultwarden
NVD GitHub
CVSS 3.1
7.7
CVE-2026-36035 MEDIUM This Month

Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-54628 Go HIGH POC GHSA This Week

Server-Side Request Forgery in Anyquery's server mode (versions < 0.4.5) lets remote attackers who reach the MySQL-compatible listener force the server to fetch arbitrary URLs through its built-in SQLite virtual table modules (json_reader, log_reader), which internally use go-getter. Because the server accepts MySQL connections without authentication and applies no allow/deny list on fetch targets, an attacker can CREATE VIRTUAL TABLE against internal endpoints or the cloud metadata IP (169.254.169.254) and read the response as a table, bypassing external firewalls to scan internal services and exfiltrate cloud IAM credentials. Publicly available exploit code exists (a working PoC is embedded in the vendor advisory); there is no CISA KEV listing or EPSS score in the provided data.

Authentication Bypass SSRF
NVD GitHub
CVSS 3.1
8.6
CVE-2026-47301 HIGH PATCH This Week

Privilege escalation in Microsoft Configuration Manager (versions 2509 and 2603) lets an already-authorized, low-privileged network user gain elevated privileges due to improper access control. Rated CVSS 8.8, the flaw yields full confidentiality, integrity, and availability impact and is remotely reachable, though it requires existing valid low-level access. Microsoft has released a patch; no public exploit identified at time of analysis.

Authentication Bypass Microsoft Microsoft Configuration Manager Microsoft Configuration Manager 2509 Microsoft Configuration Manager 2603
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-58617 HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft 365 Copilot for iOS lets a remote, unauthenticated attacker gain elevated access after a targeted user is lured into interacting with attacker-controlled content, per Microsoft's MSRC advisory. The flaw stems from improper access control (CWE-284) and carries a High CVSS 3.1 base score of 8.1 with high confidentiality and integrity impact but no availability impact. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Apple Authentication Bypass Microsoft Microsoft 365 Copilot For Ios
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-58545 MEDIUM PATCH This Month

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-57088 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Extensible Storage Engine (ESENT) database library allows an already-authenticated low-privileged user on affected Windows 10 1809, Windows Server 2019, 2022, and 2025 systems to gain higher privileges, with full loss of confidentiality, integrity, and availability. The flaw stems from improper access control (CWE-284) in a core OS component that services many system databases. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Windows 10 Version 1809 Windows Server 2019 Windows Server 2019 Server Core Installation Windows Server 2022 +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56157 MEDIUM PATCH Exploit Unlikely This Month

Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Server 2019 Microsoft Sharepoint Server Subscription Edition
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2026-50495 MEDIUM PATCH Exploit Unlikely This Month

Local tampering in Windows DNS via improper access control (CWE-284) allows a low-privilege authenticated local user to manipulate DNS configuration or records across a broad range of Windows 10, Windows 11, and Windows Server releases. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) confirms exploitation requires only a valid local account with no elevated privileges, yielding high integrity impact with minimal availability disruption and no direct confidentiality exposure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the 'Authentication Bypass' advisory tag suggests DNS tampering may enable downstream bypass of authentication mechanisms dependent on DNS resolution, potentially amplifying the effective impact beyond the raw CVSS score.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVSS 8.8
HIGH This Week

Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass Cisco Cisco Roomos Software
NVD
CVSS 7.7
HIGH PATCH This Week

Authentication bypass (account takeover) in Vaultwarden before 1.36.0 allows an attacker who controls a federated identity provider identity to log in as an arbitrary local user by asserting that user's email address. The flaw exists because the SSO login flow validated the IdP 'email_verified' claim only during new-user creation, but skipped it when SSO_SIGNUPS_MATCH_EMAIL=true linked an incoming IdP identity to a pre-existing local account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed in release 1.36.0.

Authentication Bypass Vaultwarden
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.

Authentication Bypass Denial Of Service
NVD
CVSS 8.6
HIGH POC This Week

Server-Side Request Forgery in Anyquery's server mode (versions < 0.4.5) lets remote attackers who reach the MySQL-compatible listener force the server to fetch arbitrary URLs through its built-in SQLite virtual table modules (json_reader, log_reader), which internally use go-getter. Because the server accepts MySQL connections without authentication and applies no allow/deny list on fetch targets, an attacker can CREATE VIRTUAL TABLE against internal endpoints or the cloud metadata IP (169.254.169.254) and read the response as a table, bypassing external firewalls to scan internal services and exfiltrate cloud IAM credentials. Publicly available exploit code exists (a working PoC is embedded in the vendor advisory); there is no CISA KEV listing or EPSS score in the provided data.

Authentication Bypass SSRF
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Microsoft Configuration Manager (versions 2509 and 2603) lets an already-authorized, low-privileged network user gain elevated privileges due to improper access control. Rated CVSS 8.8, the flaw yields full confidentiality, integrity, and availability impact and is remotely reachable, though it requires existing valid low-level access. Microsoft has released a patch; no public exploit identified at time of analysis.

Authentication Bypass Microsoft Microsoft Configuration Manager +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Privilege elevation in Microsoft 365 Copilot for iOS lets a remote, unauthenticated attacker gain elevated access after a targeted user is lured into interacting with attacker-controlled content, per Microsoft's MSRC advisory. The flaw stems from improper access control (CWE-284) and carries a High CVSS 3.1 base score of 8.1 with high confidentiality and integrity impact but no availability impact. No public exploit has been identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Apple Authentication Bypass Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Extensible Storage Engine (ESENT) database library allows an already-authenticated low-privileged user on affected Windows 10 1809, Windows Server 2019, 2022, and 2025 systems to gain higher privileges, with full loss of confidentiality, integrity, and availability. The flaw stems from improper access control (CWE-284) in a core OS component that services many system databases. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Windows 10 Version 1809 Windows Server 2019 +4
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Improper access control in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Authentication Bypass Microsoft Microsoft Sharepoint Enterprise Server 2016 +2
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Local tampering in Windows DNS via improper access control (CWE-284) allows a low-privilege authenticated local user to manipulate DNS configuration or records across a broad range of Windows 10, Windows 11, and Windows Server releases. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) confirms exploitation requires only a valid local account with no elevated privileges, yielding high integrity impact with minimal availability disruption and no direct confidentiality exposure. No public exploit code or CISA KEV listing has been identified at time of analysis, but the 'Authentication Bypass' advisory tag suggests DNS tampering may enable downstream bypass of authentication mechanisms dependent on DNS resolution, potentially amplifying the effective impact beyond the raw CVSS score.

Authentication Bypass Microsoft Windows 10 Version 1809 +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy