CWE-265 (Privilege Issues) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-9368 | 2026-05-24 | A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handl… |
| CVE-2026-6878 | 2026-04-23 | A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate … |
| CVE-2026-6224 | 2026-04-13 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javasc… |
| CVE-2026-6117 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endp… |
| CVE-2025-5874 | 2025-06-09 | A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handle… |
| CVE-2025-5321 | 2025-05-29 | A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view… |
| CVE-2024-2007 | 2024-03-21 | A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads… |
| CVE-2023-5223 | 2023-09-27 | A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to… |
| CVE-2023-26122 | 2023-04-11 | All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerabi… |
| CVE-2020-1889 | 2020-09-03 | A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution v… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Description, Research_Gaps, Theoretical_Notes |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Potential_Mitigations |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Detection_Factors, Potential_Mitigations, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Description, Name, Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Mapping_Notes |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |