CVE-2026-9651
CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and
CVSS
4.4
Medio
EPSS
0.1%
p1
KEV
—
Exploit Today
0
0-100
Publicado: 25 jun 2026 · Última mod.: 14 jul 2026 · CWE-732
0.1%EPSS · 30 días0.1%
2026-06-302026-07-16
CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-341107.8 ALT63.4%
——19WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.8dCVE-2017-176778.8 ALT60.4%
——18BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.8dCVE-2022-262817.5 ALT56.5%
——17BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.8dCVE-2023-317487.8 ALT53.4%
——16Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.8dCVE-2023-390049.8 CRÍ51.9%
——16Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.8dCVE-2021-406496.5 MED51.6%
——15In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.8d