CWE-264 (Permissions, Privileges, and Access Controls) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-41974 | 2026-06-09 | Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-9368 | 2026-05-24 | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handl… |
| CVE-2026-41962 | 2026-05-15 | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-6878 | 2026-04-23 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate … |
| CVE-2026-6224 | 2026-04-13 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javasc… |
| CVE-2026-6117 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endp… |
| CVE-2026-20046 | 2026-03-11 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of … |
| CVE-2026-28541 | 2026-03-05 | Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66319 | 2026-03-05 | Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2026-24924 | 2026-02-06 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-24920 | 2026-02-06 | Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-24931 | 2026-02-06 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2026-24923 | 2026-02-06 | Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-68967 | 2026-01-14 | Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-66329 | 2025-12-08 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66325 | 2025-12-08 | Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58302 | 2025-11-28 | Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-64315 | 2025-11-28 | Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. |
| CVE-2025-58315 | 2025-11-28 | Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-58312 | 2025-11-28 | Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Maintenance_Notes, Relationships |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Maintenance_Notes, References |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |