CWE-264 · threatengine.sh

Home/CWE/Permissions, Privileges, and Access Controls

Weakness

Permissions, Privileges, and Access Controls

CWE-264 · Category

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

◆

ATT&CK Techniques

Adversary techniques associated with this weakness, via MITRE CAPEC and authoritative CTID CVE mappings.
T1059Command and Scripting Interpreter
T1059.001PowerShell
T1068Exploitation for Privilege Escalation
T1078Valid Accounts
T1078.003Local Accounts
T1087Account Discovery
T1091Replication Through Removable Media
T1105Ingress Tool Transfer
T1136Create Account
T1190Exploit Public-Facing Application
T1203Exploitation for Client Execution
T1499.004Application or System Exploitation
T1608Stage Capabilities

⚠

CVEs With This Weakness

5,488

A sample of the 5,488 CVEs tagged with this weakness.
CVECVE-2026-9368
CVECVE-2026-6878
CVECVE-2026-6224
CVECVE-2026-6117
CVECVE-2026-41974
CVECVE-2026-41962
CVECVE-2026-28541
CVECVE-2026-24931
CVECVE-2026-24924
CVECVE-2026-24923
CVECVE-2026-24920
CVECVE-2026-20046
View all 5,488 CVEs with this weakness

◉

Nuclei Scanner Templates

Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
criticalShortCode Addons - Unauthenticated Options Update
criticalWordPress Accordions  - Unauthenticated Settings Update
criticalADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
criticalDotNetNuke 07.04.00 - Administration Authentication Bypass
criticalWordPress Advanced Access Manager - Path Traversal
criticalZTE Cable Modem Web Shell
highWordPress RevSlider - Remote Code Execution via File Upload
mediumRed Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

External lookups - second-class, for what we don’t hold ourselves

MITRE CWE