QSearch

CVE-2026-47366

7.2 HIGH

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CVSS: 7.2 HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-284

Description

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface.

Source: NVD

Related CVEs

Same CWE

  • CVE-2026-48610 Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
  • CVE-2026-44249 Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
  • CVE-2026-45178 Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints
  • CVE-2026-45177 Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components
  • CVE-2025-46315 A permissions issue was addressed with additional restrictions (7.5 HIGH)