Skip to main content

CWE-732

Incorrect Permission Assignment for Critical Resource

1133 CVEs Avg CVSS 7.1 MITRE
98
CRITICAL
601
HIGH
388
MEDIUM
43
LOW
241
POC
2
KEV

Monthly

CVE-2026-54447 HIGH PATCH GHSA This Week

Local credential theft in the garminconnect Python library (versions <= 0.3.4) stems from writing its OAuth token store to disk without an explicit file mode, so under the default umask 022 the file garmin_tokens.json - containing the DI refresh token - is created world-readable (0o644). Any unprivileged co-tenant on a shared Linux or macOS host can read the token and exchange it at Garmin's OAuth endpoint for fresh access tokens, gaining persistent access to the victim's Garmin Connect account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix in 0.3.5 is confirmed and the issue is trivially reproducible under default configuration.

Python Apple Privilege Escalation Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
CVE-2026-15779 MEDIUM This Month

Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.

Red Hat Privilege Escalation Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD
CVSS 3.1
6.1
CVE-2026-62195 HIGH This Week

Authorization bypass in OpenClaw 2026.5.20 through 2026.6.5 lets a low-privilege caller invoke owner-only tools through the MCP loopback feature, escalating beyond intended permissions to execute or persist privileged actions. The flaw stems from incorrect permission enforcement (CWE-732) on configured input paths reachable over the network. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-62194 HIGH This Week

Privilege escalation in OpenClaw 2026.5.20 through 2026.6.8 lets an already-authenticated, lower-trust caller abuse the plugin install command path to execute or persist actions beyond their intended authorization. The root cause is an incorrect permission assignment (CWE-732) on plugin installation, and the CVSS 4.0 vector (PR:L, UI:N, AV:N) shows a low-privileged remote actor can achieve high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the CVE is not in CISA KEV, but a GitHub Security Advisory (GHSA-7vrr-rp4x-4g76) and a VulnCheck advisory document it.

Privilege Escalation Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-9085 HIGH PATCH This Week

Local privilege abuse in TUBITAK BILGEM Pardus-Parental-Control (versions up to and including 0.5.1, fixed in 0.7.0) lets a low-privileged local user exploit insecure file/resource permissions to tamper with the tool's DNS configuration and perform DNS spoofing. Because the CVSS scope is changed (S:C), the impact reaches beyond the application to system-wide name resolution, enabling redirection of traffic, bypass of parental filtering, and interception of connections. There is no public exploit identified at time of analysis, but the reachable local vector and low complexity make this a practical concern on shared or managed Pardus endpoints.

Information Disclosure Pardus Parental Control
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-44268 MEDIUM PATCH This Month

Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-privileged local attackers across a broad range of supported release trains. The flaw (CWE-732) means a resource - likely a file, directory, or configuration object - carries overly permissive access controls, allowing a local attacker operating with elevated privileges to read data they are not authorized to access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the breadth of affected versions (seven release trains spanning 2024-2026 LTS and mainline builds) increases aggregate exposure across enterprise backup environments.

Authentication Bypass Dell Powerprotect Data Domain
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-13079 HIGH This Week

Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) lets an authenticated local attacker elevate from a low-privileged account to NT AUTHORITY\SYSTEM on any machine where the client is installed. The flaw is rooted in insecure permission assignment (CWE-732), and there is no public exploit identified at time of analysis, though the vendor-reported nature and full high-impact CVSS (7.3, CVSS 4.0) make it a meaningful endpoint-hardening concern.

Privilege Escalation Watchguard Microsoft Fireware Os
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-13769 MEDIUM PATCH This Month

Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).

Information Disclosure Aws Cli Red Hat Suse
NVD GitHub
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-58174 MEDIUM PATCH This Month

Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user operating under the default profile to read files scoped to other named profiles' workspaces. The /api/session/import handler validates the workspace against the active named profile but omits setting the profile field on the constructed Session object, persisting it with a null profile value. Because the authorization layer treats null profile as equivalent to the default profile, any default-profile user can exploit imported session identifiers to traverse the intended profile boundary and extract file contents - a complete defeat of the application's workspace isolation model. No public exploit is identified at time of analysis, and a vendor-released patch is available at v0.51.521.

Information Disclosure Hermes Webui
NVD GitHub
CVSS 4.0
6.0
EPSS
0.3%
CVE-2026-43721 MEDIUM PATCH This Month

Clipboard data disclosure in Apple Safari (and the shared WebKit engine on iOS, iPadOS, and macOS) before version 26.5.2 lets a malicious website silently read or hijack clipboard contents without user interaction or permission, rated CVSS 7.5 (confidentiality-only). Apple has shipped fixes in Safari 26.5.2, iOS/iPadOS 26.5.2, and macOS Tahoe 26.5.2, and the issue was reported internally by Apple. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Apple Information Disclosure Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVSS 8.4
HIGH PATCH This Week

Local credential theft in the garminconnect Python library (versions <= 0.3.4) stems from writing its OAuth token store to disk without an explicit file mode, so under the default umask 022 the file garmin_tokens.json - containing the DI refresh token - is created world-readable (0o644). Any unprivileged co-tenant on a shared Linux or macOS host can read the token and exchange it at Garmin's OAuth endpoint for fresh access tokens, gaining persistent access to the victim's Garmin Connect account. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix in 0.3.5 is confirmed and the issue is trivially reproducible under default configuration.

Python Apple Privilege Escalation +1
NVD GitHub
CVSS 6.1
MEDIUM This Month

Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.

Red Hat Privilege Escalation Denial Of Service +5
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Authorization bypass in OpenClaw 2026.5.20 through 2026.6.5 lets a low-privilege caller invoke owner-only tools through the MCP loopback feature, escalating beyond intended permissions to execute or persist privileged actions. The flaw stems from incorrect permission enforcement (CWE-732) on configured input paths reachable over the network. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Openclaw
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Privilege escalation in OpenClaw 2026.5.20 through 2026.6.8 lets an already-authenticated, lower-trust caller abuse the plugin install command path to execute or persist actions beyond their intended authorization. The root cause is an incorrect permission assignment (CWE-732) on plugin installation, and the CVSS 4.0 vector (PR:L, UI:N, AV:N) shows a low-privileged remote actor can achieve high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the CVE is not in CISA KEV, but a GitHub Security Advisory (GHSA-7vrr-rp4x-4g76) and a VulnCheck advisory document it.

Privilege Escalation Openclaw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege abuse in TUBITAK BILGEM Pardus-Parental-Control (versions up to and including 0.5.1, fixed in 0.7.0) lets a low-privileged local user exploit insecure file/resource permissions to tamper with the tool's DNS configuration and perform DNS spoofing. Because the CVSS scope is changed (S:C), the impact reaches beyond the application to system-wide name resolution, enabling redirection of traffic, bypass of parental filtering, and interception of connections. There is no public exploit identified at time of analysis, but the reachable local vector and low complexity make this a practical concern on shared or managed Pardus endpoints.

Information Disclosure Pardus Parental Control
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Incorrect permission assignment on a critical resource in Dell PowerProtect Data Domain exposes sensitive data to high-privileged local attackers across a broad range of supported release trains. The flaw (CWE-732) means a resource - likely a file, directory, or configuration object - carries overly permissive access controls, allowing a local attacker operating with elevated privileges to read data they are not authorized to access. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the breadth of affected versions (seven release trains spanning 2024-2026 LTS and mainline builds) increases aggregate exposure across enterprise backup environments.

Authentication Bypass Dell Powerprotect Data Domain
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) lets an authenticated local attacker elevate from a low-privileged account to NT AUTHORITY\SYSTEM on any machine where the client is installed. The flaw is rooted in insecure permission assignment (CWE-732), and there is no public exploit identified at time of analysis, though the vendor-reported nature and full high-impact CVSS (7.3, CVSS 4.0) make it a meaningful endpoint-hardening concern.

Privilege Escalation Watchguard Microsoft +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Credential exposure in AWS CLI on Unix-like systems allows other local users on the same host to read sensitive credentials written to disk by three specific subcommands: aws codeartifact login, aws iam create-virtual-mfa-device, and aws deploy register. When the system umask is at its default permissive value - the case on most Unix-like systems - credential files are written without adequately restrictive permissions, making them readable by other local accounts. No public exploit or CISA KEV listing exists at time of analysis; however, the vendor (Amazon) has confirmed the issue and released patched versions 1.44.78 (v1) and 2.34.29 (v2).

Information Disclosure Aws Cli Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Cross-profile workspace isolation bypass in Hermes WebUI before 0.51.521 allows an authenticated low-privilege user operating under the default profile to read files scoped to other named profiles' workspaces. The /api/session/import handler validates the workspace against the active named profile but omits setting the profile field on the constructed Session object, persisting it with a null profile value. Because the authorization layer treats null profile as equivalent to the default profile, any default-profile user can exploit imported session identifiers to traverse the intended profile boundary and extract file contents - a complete defeat of the application's workspace isolation model. No public exploit is identified at time of analysis, and a vendor-released patch is available at v0.51.521.

Information Disclosure Hermes Webui
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Clipboard data disclosure in Apple Safari (and the shared WebKit engine on iOS, iPadOS, and macOS) before version 26.5.2 lets a malicious website silently read or hijack clipboard contents without user interaction or permission, rated CVSS 7.5 (confidentiality-only). Apple has shipped fixes in Safari 26.5.2, iOS/iPadOS 26.5.2, and macOS Tahoe 26.5.2, and the issue was reported internally by Apple. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Apple Information Disclosure Ios And Ipados
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy