CWE-250: Execution with Unnecessary Privileges
305 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-250 (page 7 of 7)
- CVE-2026-44477 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-05-28
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local …
- CVE-2026-4498 | HIGH | CVSS 7.7 | EG 7.7 | 2026-04-08
Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana…
- CVE-2026-4606 | CRITICAL | CVSS 10.0 | EG 10.0 | 2026-03-23
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that ru…
- CVE-2026-4667 | HIGH | CVSS 7.3 | EG 7.3 | 2026-04-15
HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.
- CVE-2026-8370 | HIGH | CVSS 8.5 | EG 8.5 | 2026-05-19
Execution with unnecessary privileges vulnerability in Broadcom Automic Automation Agent Unix on Linux x64, Linux Power 64 BE, Linux Power 64 LE, zLinux (zSeries), AIX, Solaris x64, Solaris Sparc 64 allows Privilege Escalation, Target Prog…