Skip to main content

CWE-250

Execution with Unnecessary Privileges

259 CVEs Avg CVSS 7.7 MITRE
42
CRITICAL
150
HIGH
62
MEDIUM
4
LOW
27
POC
1
KEV

Monthly

CVE-2026-15584 HIGH This Week

Privilege escalation in Red Hat OpenShift's incluster-checks diagnostic tool lets any authenticated user holding the standard 'edit' RBAC role escalate to root on the underlying cluster nodes. The tool provisions privileged debug pods with host-filesystem access inside the shared default namespace, so a low-privileged tenant can simply exec into an existing pod and break out to the host. No public exploit identified at time of analysis, and no CISA KEV listing; EPSS data was not provided in the source intelligence.

Privilege Escalation Pen Drive Powered By Red Hat Lightspeed
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-48584 HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.50%), with CISA SSVC marking exploitation status as 'none.'

Privilege Escalation Microsoft Azure Synapse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-12505 HIGH This Week

Local privilege escalation in the cifs-utils cifs.upcall helper allows low-privileged Linux users to gain root by abusing the kernel request_key interface to load a malicious NSS module inside an attacker-controlled mount namespace. The root-owned helper fails to drop privileges before performing user-name resolution, so the attacker's NSS module executes with full root capabilities. No public exploit identified at time of analysis, but the bug affects every supported Red Hat Enterprise Linux release (6 through 10) and OpenShift Container Platform 4, making it a high-priority hardening fix for any host with CIFS/SMB client functionality.

Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-12027 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Headless component sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and carries CVSS 9.6 due to scope change and user interaction, though EPSS remains very low (0.03%) and there is no public exploit identified at time of analysis. A vendor patch is available in the stable channel update published June 2026.

Privilege Escalation Google Red Hat
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11626 MEDIUM This Month

Local privilege escalation in Broadcom's Symantec Endpoint Protection CleanWipe Removal Tool for macOS, versions prior to 16.0.0.65, allows a local attacker to gain administrative control of the affected system. The vulnerability is rooted in CWE-250 (Execution with Unnecessary Privileges), a class where a process operates with more permissions than its function requires, creating an elevation pathway. No public exploit code has been identified at time of analysis, and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog; however, the full confidentiality, integrity, and availability impact on the vulnerable component (VC:H/VI:H/VA:H) underscores the severity of a successful exploitation.

Apple Privilege Escalation
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-50566 Go CRITICAL POC PATCH GHSA Act Now

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RBAC to define Environment custom resources with privileged, allowPrivilegeEscalation, or dangerous Linux capabilities on the bare Runtime.Container or Builder.Container fields, which bypass the existing PodSpec safety validator and get scheduled under the executor's high-privilege service account. Successful abuse enables container-sandbox escape, host filesystem and network access, and node- or cluster-level compromise. No public exploit identified at time of analysis, but the upstream fix is published in v1.24.0.

Privilege Escalation Kubernetes Fission
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-50565 Go MEDIUM PATCH GHSA This Month

Kubernetes service account token exposure in Fission serverless framework prior to v1.24.0 allows authenticated high-privilege users to escalate cluster privileges via a malicious builder image. Builder pods were created with ServiceAccountName set to fission-builder but without AutomountServiceAccountToken: false, causing the Kubernetes kubelet to automatically inject the fission-builder service account credential into every container in the pod - including untrusted, user-supplied builder images. An attacker with sufficient Fission privileges to register or modify builder environments can exploit this to read the mounted token and authenticate directly to the Kubernetes API using the fission-builder service account's RBAC permissions. No public exploit identified at time of analysis; vendor-released patch is available in v1.24.0.

Privilege Escalation Kubernetes
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-46748 HIGH CISA This Week

Local privilege escalation in Siemens SINEC INS (versions prior to V1.0 SP2 Update 6) stems from a binary shipped with the Linux cap_dac_override capability, which bypasses filesystem discretionary access control checks. An authenticated local attacker can leverage this overly broad capability to read or modify any file on the system, ultimately obtaining root. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Sinec Ins
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-11167 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.

Google Privilege Escalation Chrome
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-10843 HIGH This Week

Privilege escalation in Red Hat OpenShift's Cloud Credential Operator (CCO) Mint-mode on AWS allows an attacker who compromises operator credentials to perform destructive actions across the entire AWS account rather than only cluster-owned resources. The over-privileged IAM policies break least-privilege boundaries, turning a single cluster credential leak into an account-wide blast radius. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Privilege escalation in Red Hat OpenShift's incluster-checks diagnostic tool lets any authenticated user holding the standard 'edit' RBAC role escalate to root on the underlying cluster nodes. The tool provisions privileged debug pods with host-filesystem access inside the shared default namespace, so a low-privileged tenant can simply exec into an existing pod and break out to the host. No public exploit identified at time of analysis, and no CISA KEV listing; EPSS data was not provided in the source intelligence.

Privilege Escalation Pen Drive Powered By Red Hat Lightspeed
NVD
EPSS 0% CVSS 8.8
HIGH PATCH NO ACTION HOSTED Monitor

Privilege escalation in Microsoft Azure Synapse (the cloud analytics service) allows an already-authorized, low-privileged attacker to elevate their privileges over the network, gaining high confidentiality, integrity, and availability impact (CVSS 8.8). The root cause is a component executing with unnecessary privileges (CWE-250), letting a tenant or workspace user with limited rights break out to a higher trust level. No public exploit identified at time of analysis, and EPSS exploitation probability is low (0.50%), with CISA SSVC marking exploitation status as 'none.'

Privilege Escalation Microsoft Azure Synapse
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the cifs-utils cifs.upcall helper allows low-privileged Linux users to gain root by abusing the kernel request_key interface to load a malicious NSS module inside an attacker-controlled mount namespace. The root-owned helper fails to drop privileges before performing user-name resolution, so the attacker's NSS module executes with full root capabilities. No public exploit identified at time of analysis, but the bug affects every supported Red Hat Enterprise Linux release (6 through 10) and OpenShift Container Platform 4, making it a high-priority hardening fix for any host with CIFS/SMB client functionality.

Privilege Escalation Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the Headless component sandbox via a crafted HTML page. The flaw is rated High severity by Chromium and carries CVSS 9.6 due to scope change and user interaction, though EPSS remains very low (0.03%) and there is no public exploit identified at time of analysis. A vendor patch is available in the stable channel update published June 2026.

Privilege Escalation Google Red Hat
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Local privilege escalation in Broadcom's Symantec Endpoint Protection CleanWipe Removal Tool for macOS, versions prior to 16.0.0.65, allows a local attacker to gain administrative control of the affected system. The vulnerability is rooted in CWE-250 (Execution with Unnecessary Privileges), a class where a process operates with more permissions than its function requires, creating an elevation pathway. No public exploit code has been identified at time of analysis, and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog; however, the full confidentiality, integrity, and availability impact on the vulnerable component (VC:H/VI:H/VA:H) underscores the severity of a successful exploitation.

Apple Privilege Escalation
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Privilege escalation in Fission prior to version 1.24.0 allows a tenant holding environments.fission.io create/update RBAC to define Environment custom resources with privileged, allowPrivilegeEscalation, or dangerous Linux capabilities on the bare Runtime.Container or Builder.Container fields, which bypass the existing PodSpec safety validator and get scheduled under the executor's high-privilege service account. Successful abuse enables container-sandbox escape, host filesystem and network access, and node- or cluster-level compromise. No public exploit identified at time of analysis, but the upstream fix is published in v1.24.0.

Privilege Escalation Kubernetes Fission
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Kubernetes service account token exposure in Fission serverless framework prior to v1.24.0 allows authenticated high-privilege users to escalate cluster privileges via a malicious builder image. Builder pods were created with ServiceAccountName set to fission-builder but without AutomountServiceAccountToken: false, causing the Kubernetes kubelet to automatically inject the fission-builder service account credential into every container in the pod - including untrusted, user-supplied builder images. An attacker with sufficient Fission privileges to register or modify builder environments can exploit this to read the mounted token and authenticate directly to the Kubernetes API using the fission-builder service account's RBAC permissions. No public exploit identified at time of analysis; vendor-released patch is available in v1.24.0.

Privilege Escalation Kubernetes
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Local privilege escalation in Siemens SINEC INS (versions prior to V1.0 SP2 Update 6) stems from a binary shipped with the Linux cap_dac_override capability, which bypasses filesystem discretionary access control checks. An authenticated local attacker can leverage this overly broad capability to read or modify any file on the system, ultimately obtaining root. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Privilege Escalation Sinec Ins
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on Android prior to 149.0.7827.53 allows a remote attacker who has already compromised the renderer process to break out of the WebView sandbox via a crafted HTML page. The flaw stems from an inappropriate implementation in WebView and is chained behind a prior renderer compromise, requiring user interaction. No public exploit identified at time of analysis, and EPSS sits at 0.03% (10th percentile), indicating no current evidence of widespread exploitation despite the high CVSS score of 9.6.

Google Privilege Escalation Chrome
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Privilege escalation in Red Hat OpenShift's Cloud Credential Operator (CCO) Mint-mode on AWS allows an attacker who compromises operator credentials to perform destructive actions across the entire AWS account rather than only cluster-owned resources. The over-privileged IAM policies break least-privilege boundaries, turning a single cluster credential leak into an account-wide blast radius. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Privilege Escalation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy