CWE-648: Incorrect Use of Privileged APIs
62 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-648 (page 2 of 2)
- CVE-2025-7344 | HIGH | CVSS 8.8 | EG 8.8 | 2025-07-21
  The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API.
- CVE-2026-20122 | MEDIUM | CVSS 5.4 | EG 9.0 | ⚠ KEV | 2026-02-25
  A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credenti…
- CVE-2026-22922 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-02-09
  Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgr…
- CVE-2026-35625 | HIGH | CVSS 7.8 | EG 7.8 | 2026-04-09
  OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can e…
- CVE-2026-35639 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-09
  OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader operator scopes than the approver actually h…
- CVE-2026-35645 | HIGH | CVSS 8.1 | EG 8.1 | 2026-04-09
  OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session del…
- CVE-2026-35663 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-10
  OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining…
- CVE-2026-35669 | HIGH | CVSS 8.8 | EG 8.8 | 2026-04-10
  OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope bo…
- CVE-2026-41225 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-05-13
  A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached …
- CVE-2026-41329 | CRITICAL | CVSS 9.9 | EG 9.9 | 2026-04-21
  OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to by…
- CVE-2026-41386 | CRITICAL | CVSS 9.1 | EG 9.1 | 2026-04-28
  OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate pr…
- CVE-2026-9560 | HIGH | CVSS 7.8 | EG 7.8 | 2026-05-26
  Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
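Several of the OpenClaw entries above describe the same shape of CWE-648 defect: a gateway calls a privileged internal API with a scope it fabricates (a synthetic operator.admin), lets an approver confer scopes it does not itself hold, or silently widens a session's scopes on reconnect. The sketch below is an added illustration of that pattern and its fix, written for this page; it is not OpenClaw's code, and every identifier (Session, mintRuntimeScope, approvePairing, reconnect, the device ids) is hypothetical. Only the scope names echo the vocabulary of the advisories.

```typescript
// Added example, not project code: bounding the scope passed to a privileged
// API by what the caller was actually granted. All names are hypothetical.

type Scope = "operator.read" | "operator.write" | "operator.admin" | "operator.pairing";

interface Session {
  id: string;
  grantedScopes: ReadonlySet<Scope>;
}

function makeSession(id: string, scopes: Scope[]): Session {
  return { id, grantedScopes: new Set<Scope>(scopes) };
}

// VULNERABLE PATTERN: the route handler "mints" a runtime scope as a fixed
// synthetic operator.admin grant, ignoring what the caller holds. Whoever can
// reach the route drives the privileged API as admin.
function mintRuntimeScopeVulnerable(_caller: Session): Set<Scope> {
  return new Set<Scope>(["operator.admin"]);
}

// HARDENED: the runtime scope is exactly what the route needs, and each scope
// is checked against the caller's grants. Missing scopes fail closed; the
// privileged API is never invoked with a scope the caller does not possess.
function mintRuntimeScope(caller: Session, routeRequires: Scope[]): Set<Scope> {
  const missing = routeRequires.filter((s) => !caller.grantedScopes.has(s));
  if (missing.length > 0) {
    throw new Error(`caller ${caller.id} lacks scope(s): ${missing.join(", ")}`);
  }
  return new Set<Scope>(routeRequires);
}

interface ApprovalResult {
  ok: boolean;
  granted: Scope[];
  reason?: string;
}

// An approver may confer only scopes it holds itself. Holding operator.pairing
// lets you approve a device; it does not let you hand out operator.admin.
function approvePairing(approver: Session, requested: Scope[]): ApprovalResult {
  if (!approver.grantedScopes.has("operator.pairing")) {
    return { ok: false, granted: [], reason: "approver lacks operator.pairing" };
  }
  const beyondApprover = requested.filter((s) => !approver.grantedScopes.has(s));
  if (beyondApprover.length > 0) {
    return { ok: false, granted: [], reason: `approver cannot confer: ${beyondApprover.join(", ")}` };
  }
  return { ok: true, granted: [...requested] };
}

interface ReconnectResult {
  session: Session;
  pendingUpgrade: Scope[];
}

// Reconnect never widens a session. Previously held scopes carry over
// unchanged; anything extra the device asks for is parked as a pending upgrade
// that must go through approvePairing by a holder of that scope.
function reconnect(prior: Session, requested: Scope[]): ReconnectResult {
  const pendingUpgrade = requested.filter((s) => !prior.grantedScopes.has(s));
  return { session: makeSession(prior.id, [...prior.grantedScopes]), pendingUpgrade };
}

// Usage on constructed sessions (hypothetical device ids).
const demoReader = makeSession("device-r", ["operator.read"]);
const demoPairer = makeSession("device-p", ["operator.read", "operator.pairing"]);
console.log("vulnerable mint:", [...mintRuntimeScopeVulnerable(demoReader)]);      // admin, wrongly
console.log("hardened mint:", [...mintRuntimeScope(demoReader, ["operator.read"])]);
console.log("pairer grants admin:", approvePairing(demoPairer, ["operator.admin"]));
console.log("reconnect asks for admin:", reconnect(demoReader, ["operator.read", "operator.admin"]));
```

The two checks worth carrying into any gateway review are the ones the hardened functions encode: the scope handed to the privileged call must be derived from the caller's grants rather than from a constant, and any transition that confers scope (approval, pairing, reconnect) must be bounded by the scope of whoever authorises it.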