
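CWE-269 Improper Privilege Management: vulnerability list (1041)

Summary of 1041 CVE vulnerabilities in the CWE-269 Improper Privilege Management weakness class, with AI-generated analysis in Chinese.

CWE-269 is an improper privilege management weakness: the product fails to properly assign, modify, track, or check user privileges, which gives an attacker an unintended sphere of control. Attackers commonly exploit this flaw to escalate privileges or to access sensitive resources beyond their authorization. Developers should apply the principle of least privilege, strictly verify identity and privileges on every operation, and ensure the security and integrity of privilege assignment, change, and revocation, thereby preventing unauthorized access.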

MITRE CWE official description

CWE: CWE-269 Improper Privilege Management
Description: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Common consequences (1)
Access Control: Gain Privileges or Assume Identity

Mitigations (3)
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system.
Architecture and Design: Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Code examples (2)
This code temporarily raises the program's privileges to allow creation of a new user folder.

    import os

    def makeNewUserDir(username):
        if invalidUsername(username):
            # avoid CWE-22 and CWE-78
            print('Usernames cannot contain invalid characters')
            return False
        try:
            raisePrivileges()
            # If os.mkdir() raises OSError, lowerPrivileges() below is skipped
            # and the process keeps running with raised privileges.
            os.mkdir('/home/' + username)
            lowerPrivileges()
        except OSError:
            print('Unable to create new user directory for user:' + username)
            return False
        return True

Bad · Python
The following example demonstrates the weakness.

    seteuid(0);
    /* do some stuff */
    seteuid(getuid());

Bad · C

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-8206 | Kirki 6.0.0-6.0.6 unauthenticated privilege escalation vulnerability — Kirki – Freeform Page Builder, Website Builder & Customizer | 9.8 | Critical | 2026-06-02 |
| CVE-2026-10217 | GoClaw RoleAdmin Gateway tts_config.go privilege management vulnerability — GoClaw | 6.3 | Medium | 2026-06-01 |
| CVE-2026-7465 | WordPress plugin Spectra Gutenberg Blocks security vulnerability — Spectra Gutenberg Blocks – Website Builder for the Block Editor | 8.8 | High | 2026-05-30 |
| CVE-2026-47744 | shopper authorization issue vulnerability — shopper | 9.9 | Critical | 2026-05-29 |
| CVE-2026-45043 | rustfs access control error vulnerability — rustfs | - | - | 2026-05-29 |
| CVE-2026-8809 | WordPress plugin Advanced Custom Fields: Extended security vulnerability — Advanced Custom Fields: Extended | 9.8 | Critical | 2026-05-28 |
| CVE-2026-44543 | Local Path Provisioner security vulnerability — local-path-provisioner | 8.7 | High | 2026-05-28 |
| CVE-2026-8980 | MENNEKES AMTRON security vulnerability — Amtron | - | - | 2026-05-28 |
| CVE-2026-6226 | WordPress plugin Frontend Admin by DynamiApps security vulnerability — Frontend Admin by DynamiApps | 8.8 | High | 2026-05-28 |
| CVE-2026-45716 | Budibase security vulnerability — budibase | 8.8 | High | 2026-05-27 |
| CVE-2026-46424 | Budibase security vulnerability — budibase | 4.2 | Medium | 2026-05-27 |
| CVE-2026-8787 | WordPress plugin Firebase Support & Chat Management security vulnerability — Firebase Support & Chat Management | 8.8 | High | 2026-05-27 |
| CVE-2026-9490 | Acer Care Center security vulnerability — Care Center | - | - | 2026-05-25 |
| CVE-2026-6419 | WordPress plugin WishList Member security vulnerability — Wishlist Member | 8.8 | High | 2026-05-23 |
| CVE-2026-6897 | WordPress plugin Wishlist Member security vulnerability — Wishlist Member | 8.8 | High | 2026-05-23 |
| CVE-2026-6895 | WordPress plugin WishList Member security vulnerability — Wishlist Member | 8.8 | High | 2026-05-23 |
| CVE-2026-6898 | WordPress plugin Wishlist Member security vulnerability — Wishlist Member | 8.8 | High | 2026-05-23 |
| CVE-2026-23663 | Microsoft Azure Entra ID security vulnerability — Microsoft Global Secure Access (GSA) | 7.5 | High | 2026-05-22 |
| CVE-2026-40172 | authentik security vulnerability — authentik | 8.1 | High | 2026-05-22 |
| CVE-2026-9018 | WordPress plugin Easy Elements for Elementor security vulnerability — Easy Elements for Elementor – Addons & Website Templates | 8.8 | High | 2026-05-22 |
| CVE-2026-5118 | WordPress plugin Divi Form Builder security vulnerability — Divi Form Builder | 9.8 | Critical | 2026-05-21 |
| CVE-2026-45254 | FreeBSD security vulnerability — FreeBSD | - | - | 2026-05-21 |
| CVE-2026-7467 | WordPress plugin Read More & Accordion security vulnerability — Read More & Accordion | 8.8 | High | 2026-05-20 |
| CVE-2026-7284 | WordPress plugin Easy Elements for Elementor – Addons & Website Templates security vulnerability — Easy Elements for Elementor – Addons & Website Templates | 9.8 | Critical | 2026-05-20 |
| CVE-2026-8719 | WordPress plugin AI Engine security vulnerability — AI Engine – The Chatbot, AI Framework & MCP for WordPress | 8.8 | High | 2026-05-17 |
| CVE-2026-45395 | Open WebUI security vulnerability — open-webui | 7.2 | High | 2026-05-15 |
| CVE-2026-45675 | Open WebUI security vulnerability — open-webui | 8.1 | High | 2026-05-15 |
| CVE-2026-6228 | WordPress plugin Frontend Admin by DynamiApps security vulnerability — Frontend Admin by DynamiApps | 8.8 | High | 2026-05-15 |
| CVE-2025-62625 | AMD Processors security vulnerability — AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | - | - | 2026-05-14 |
| CVE-2026-5193 | WordPress plugin Essential Addons for Elementor security vulnerability — Essential Addons for Elementor – Popular Elementor Templates & Widgets | 6.5 | Medium | 2026-05-14 |

CWE-269 (Improper Privilege Management) is a common weakness category; this platform lists 1041 CVE vulnerabilities associated with it.