CVSS: 7.1 | EPSS: % | CPEs: 1 | EXPL: 0 | CVE-2026-40043 – Pachno 1.0.6 Authentication Bypass via runSwitchUser()
https://notcve.org/view.php?id=CVE-2026-40043
13 Apr 2026 — Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. • https://www.vulncheck.com/advisories/pachno-authentication-bypass-via-runswitchuser • CWE-639: Authorization Bypass Through User-Controlled Key
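The entry above describes the CWE-639 pattern behind this bug: the identity to "switch back" to is read from a client-controlled cookie (original_username) instead of from state the server recorded when the switch was authorized. The following Go program is an added illustration of that pattern beside its hardened form; it is not Pachno's code (Pachno is PHP), and the user directory, session struct, cookie map and function names are constructed for the example. The vulnerable path trusts the cookie outright; the hardened path only reverts to an identity that switchUser stored server-side after an admin check.

```go
package main

import (
	"errors"
	"fmt"
)

// Role levels for the toy application (constructed for this example).
type Role int

const (
	RoleUser Role = iota
	RoleAdmin
)

type User struct {
	Name string
	Role Role
}

// users is a constructed directory standing in for the application's user table.
var users = map[string]User{
	"alice": {Name: "alice", Role: RoleAdmin},
	"bob":   {Name: "bob", Role: RoleUser},
}

// Session is server-side state keyed by an opaque session id. ImpersonatedBy
// is written only by switchUser, never from anything the client sends.
type Session struct {
	Current        string
	ImpersonatedBy string // empty unless an admin has switched into Current
}

// Request models the only part of the HTTP request these handlers consult.
type Request struct {
	Cookies map[string]string
}

// revertVulnerable models the CWE-639 bug: the account to return to is taken
// from the client-controlled original_username cookie, so a low-privilege user
// who never went through switchUser can set the cookie to an admin's name.
func revertVulnerable(sess *Session, req Request) (User, error) {
	orig, ok := req.Cookies["original_username"]
	if !ok {
		return User{}, errors.New("no switch-user in progress")
	}
	u, ok := users[orig]
	if !ok {
		return User{}, errors.New("unknown user")
	}
	sess.Current = u.Name
	return u, nil
}

// switchUser is the legitimate entry point: only an admin may impersonate, and
// the admin's own identity is recorded in the server-side session.
func switchUser(sess *Session, target string) error {
	actor, ok := users[sess.Current]
	if !ok || actor.Role != RoleAdmin {
		return errors.New("forbidden: only admins may switch user")
	}
	if _, ok := users[target]; !ok {
		return errors.New("unknown user")
	}
	sess.ImpersonatedBy = actor.Name
	sess.Current = target
	return nil
}

// revertHardened ignores any client-supplied value and returns only to the
// identity switchUser recorded; with no recorded switch it refuses.
func revertHardened(sess *Session, req Request) (User, error) {
	if sess.ImpersonatedBy == "" {
		return User{}, errors.New("no switch-user in progress")
	}
	u := users[sess.ImpersonatedBy]
	sess.Current = u.Name
	sess.ImpersonatedBy = ""
	return u, nil
}

func main() {
	// bob never called switchUser; he simply sets the cookie himself.
	req := Request{Cookies: map[string]string{"original_username": "alice"}}

	sess := &Session{Current: "bob"}
	if u, err := revertVulnerable(sess, req); err == nil {
		fmt.Printf("vulnerable: bob is now %s (admin=%v)\n", u.Name, u.Role == RoleAdmin)
	}

	sess = &Session{Current: "bob"}
	if _, err := revertHardened(sess, req); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

The design point is that the cookie is at most a hint for the UI; the authorization decision rests on a server-side record created by a code path that already checked the actor's role.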
CVSS: 6.7 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-40224
https://notcve.org/view.php?id=CVE-2026-40224
10 Apr 2026 — In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. • https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m • CWE-863: Incorrect Authorization
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2026-33092
https://notcve.org/view.php?id=CVE-2026-33092
10 Apr 2026 — Local privilege escalation due to improper handling of environment variables. • https://security-advisory.acronis.com/advisories/SEC-9407 • CWE-15: External Control of System or Configuration Setting
CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25203
https://notcve.org/view.php?id=CVE-2026-25203
10 Apr 2026 — Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability. This issue affects MagicINFO 9 Server versions earlier than 21.1091.1. • https://security.samsungtv.com/securityUpdates • CWE-276: Incorrect Default Permissions
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-35639 – OpenClaw < 2026.3.22 - Privilege Escalation via device.pair.approve Scope Validation
https://notcve.org/view.php?id=CVE-2026-35639
09 Apr 2026 — Attackers can exploit insufficient scope validation to escalate privileges to operator.admin and achieve remote code execution on the Node infrastructure. • https://github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87 • CWE-648: Incorrect Use of Privileged APIs
CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-35625 – OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect
https://notcve.org/view.php?id=CVE-2026-35625
09 Apr 2026 — Attackers can exploit this by triggering local reconnection to silently escalate privileges and achieve remote code execution on the node. • https://github.com/openclaw/openclaw/commit/81ebc7e0344fd19c85778e883bad45e2da972229 • CWE-648: Incorrect Use of Privileged APIs
CVSS: - | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-4112
https://notcve.org/view.php?id=CVE-2026-4112
09 Apr 2026 — Improper neutralization of special elements used in an SQL command ("SQL Injection") in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 9.1 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2026-34179 – Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
https://notcve.org/view.php?id=CVE-2026-34179
09 Apr 2026 — In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin. • https://github.com/canonical/lxd/pull/17936 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes
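The entry above is an instance of CWE-915 in an update handler: the caller is allowed to touch its own certificate record, and the handler then writes every field of the PUT/PATCH body through, including a field (Type) that decides how much authority the certificate carries. The Go program below is an added example of that bug class and of the field-level check that closes it; it is not LXD's doCertificateUpdate, and the Certificate, CertificatePut and Caller types, the field names and the "client"/"metrics" values are constructed for the example. It generalizes slightly beyond the entry by treating Restricted and Projects as privileged fields alongside Type, since the same check applies to any attribute that widens the caller's authority.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Certificate is a constructed model of a stored TLS client certificate
// record (not LXD's own type).
type Certificate struct {
	Fingerprint string
	Name        string
	Type        string   // e.g. "client" or "metrics"
	Restricted  bool     // true: holder is confined to Projects
	Projects    []string // projects a restricted holder may act in
}

// CertificatePut is the decoded body of a PUT/PATCH on a certificate.
type CertificatePut struct {
	Name       string
	Type       string
	Restricted bool
	Projects   []string
}

// Caller is the authenticated identity performing the update.
type Caller struct {
	Fingerprint string
	Admin       bool // unrestricted, i.e. cluster admin
}

var errForbidden = errors.New("forbidden")

// ownsOrAdmin is the only authorization the vulnerable path performs:
// you may touch a record if you are an admin or it is your own certificate.
func ownsOrAdmin(c Caller, cert *Certificate) bool {
	return c.Admin || c.Fingerprint == cert.Fingerprint
}

// updateVulnerable models the bug class: once the caller may touch the
// record at all, every field in the body is written through, including the
// fields that determine how much authority the certificate has.
func updateVulnerable(c Caller, cert *Certificate, req CertificatePut) error {
	if !ownsOrAdmin(c, cert) {
		return errForbidden
	}
	cert.Name = req.Name
	cert.Type = req.Type
	cert.Restricted = req.Restricted
	cert.Projects = req.Projects
	return nil
}

// sameProjects compares project lists treating nil and empty as equal.
func sameProjects(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// changedPrivilegedFields returns, sorted, the privilege-bearing fields the
// request would alter relative to the stored record.
func changedPrivilegedFields(cert *Certificate, req CertificatePut) []string {
	var changed []string
	if req.Type != cert.Type {
		changed = append(changed, "Type")
	}
	if req.Restricted != cert.Restricted {
		changed = append(changed, "Restricted")
	}
	if !sameProjects(req.Projects, cert.Projects) {
		changed = append(changed, "Projects")
	}
	sort.Strings(changed)
	return changed
}

// updateHardened lets a non-admin caller change only descriptive fields of
// its own record. Any attempt to alter a privileged field is rejected before
// anything is written, so there is no partial update to roll back.
func updateHardened(c Caller, cert *Certificate, req CertificatePut) error {
	if !ownsOrAdmin(c, cert) {
		return errForbidden
	}
	if !c.Admin {
		if changed := changedPrivilegedFields(cert, req); len(changed) > 0 {
			return fmt.Errorf("%w: restricted caller may not change %v", errForbidden, changed)
		}
	}
	cert.Name = req.Name
	cert.Type = req.Type
	cert.Restricted = req.Restricted
	cert.Projects = req.Projects
	return nil
}

func main() {
	stored := Certificate{Fingerprint: "ab12", Name: "ci-bot", Type: "client", Restricted: true, Projects: []string{"ci"}}
	self := Caller{Fingerprint: "ab12"} // the restricted holder updating its own record
	escalate := CertificatePut{Name: "ci-bot", Type: "client", Restricted: false, Projects: nil}

	v := stored
	fmt.Println("vulnerable:", updateVulnerable(self, &v, escalate), "restricted now:", v.Restricted)
	h := stored
	fmt.Println("hardened:", updateHardened(self, &h, escalate), "restricted still:", h.Restricted)
}
```

Checking the diff against the stored record, rather than rejecting the mere presence of a field, is what keeps a PATCH that round-trips the current values (as many clients do) working for restricted callers while still refusing any actual change.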
CVSS: - | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-29923
https://notcve.org/view.php?id=CVE-2026-29923
09 Apr 2026 — The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request, enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures. • https://entechtaiwan.com/util/ps.shtm
CVSS: 8.8 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-30478
https://notcve.org/view.php?id=CVE-2026-30478
09 Apr 2026 — A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable. • https://github.com/penjaminTester/Research/tree/main/CVE-2026-30478 • CWE-427: Uncontrolled Search Path Element
