Skip to main content

Server EUVDEUVD-2026-15483

| CVE-2026-1712 MEDIUM
Incorrect Privilege Assignment (CWE-266)
2026-03-25 HYPR GHSA-gwp7-phfm-2677
5.8
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
10.7
EUVD ID Assigned
Mar 25, 2026 - 17:17 euvd
EUVD-2026-15483
Analysis Generated
Mar 25, 2026 - 17:17 vuln.today
CVE Published
Mar 25, 2026 - 16:56 nvd
MEDIUM 5.8

DescriptionCVE.org

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7.

AnalysisAI

An incorrect privilege assignment vulnerability in HYPR Server allows authenticated users to escalate their privileges through an unspecified mechanism. HYPR Server versions 10.5.1 through 10.6.x are affected, with the vulnerability resolved in version 10.7 and later. An attacker with valid user credentials can exploit this flaw to gain elevated permissions, potentially compromising the entire authentication infrastructure managed by the HYPR Server instance.

Technical ContextAI

This vulnerability is rooted in CWE-266 (Incorrect Privilege Assignment), which occurs when a system fails to properly enforce privilege boundaries during user role assignment or privilege escalation logic. The affected product is HYPR Server (cpe:2.3:a:hypr:server:*:*:*:*:*:*:*:*), an identity and access management platform. The flaw exists in the privilege assignment logic between versions 10.5.1 and 10.6.x, indicating a regression or improper validation of user permissions during role or capability assignment. The vulnerability likely stems from insufficient authorization checks in the privilege elevation code path, where the system fails to validate that a user should be permitted to assume elevated roles.

RemediationAI

Upgrade HYPR Server to version 10.7 or later immediately to remediate this vulnerability. The patch is available from HYPR and addresses the incorrect privilege assignment logic. Until patching can be completed, organizations should implement compensating controls by restricting administrative access to HYPR Server's privilege management functions to a minimal set of trusted administrators, enforcing multi-factor authentication for all administrative users, and implementing enhanced audit logging on privilege-related operations to detect suspicious elevation attempts. Access the official security advisory and patch downloads at https://www.hypr.com/trust-center/security-advisories.

More in Server

View all
CVE-2018-1000881 CRITICAL POC
9.8 Dec 20

Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injectio

CVE-2026-60104 CRITICAL POC
9.3 Jul 08

Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any oth

CVE-2026-43639 HIGH POC
8.9 May 11

Provider service users in Bitwarden Server Cloud can hijack arbitrary organizations via unauthorized API endpoint access

CVE-2021-42973 HIGH POC
8.8 Dec 07

NoMachine Server is affected by Integer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack compl

CVE-2021-42972 HIGH POC
8.8 Dec 07

NoMachine Server is affected by Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack comple

CVE-2026-43640 HIGH POC
8.6 May 11

Authentication bypass in Bitwarden Server versions prior to 2026.4.1 allows authenticated users with SCIM management pri

CVE-2019-25609 HIGH POC
8.6 Mar 22

JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration fiel

CVE-2023-30223 HIGH POC
7.5 Jun 16

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to sen

CVE-2023-30222 HIGH POC
7.5 Jun 16

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to

CVE-2026-57520 HIGH POC
7.1 Jun 25

Privilege escalation in self-hosted Bitwarden Server before 2026.5.0 lets an authenticated organization member holding a

CVE-2017-7855 MEDIUM POC
6.1 Aug 31

In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" paramet

CVE-2022-39395 CRITICAL
9.9 Nov 10

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Rated critical se

Share

EUVD-2026-15483 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy