Cyber Posture


CWE-286: Incorrect User Management

Abstraction: Class · CVEs in our corpus: 30

The product does not properly manage a user within its environment.

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Last updated: 09 May 2026 03:25 UTC

NIST 800-53 r5 controls that address this weakness (2) · AI

| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| IA-4 | Identifier Management | IA | Directly implements correct management of identifiers for individuals, groups, roles, services, and devices. |
| PS-5 | Personnel Transfer | PS | Requires confirmation and adjustment of user access rights during personnel transfers, mitigating incorrect user management. |

Top CVEs of this weakness type, ranked by Risk Priority

| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2023-26689 | 2.0 | 9.8 | 0.0016 | 2024-09-25 |
| CVE-2025-64725 | 2.0 | 9.8 | 0.0002 | 2025-12-15 |
| CVE-2024-29296 | 1.8 | 5.3 | 0.1294 | 2024-04-10 |
| CVE-2024-48853 | 1.8 | 9.0 | 0.0026 | 2025-05-22 |
| CVE-2025-7972 | 1.8 | 9.1 | 0.0014 | 2025-08-14 |
| CVE-2026-35638 | 1.8 | 8.8 | 0.0005 | 2026-04-09 |
| CVE-2023-3932 | 1.6 | 8.2 | 0.0008 | 2023-08-03 |
| CVE-2023-25519 | 1.6 | 7.8 | 0.0006 | 2023-09-12 |
| CVE-2024-28020 | 1.6 | 8.0 | 0.0028 | 2024-06-11 |
| CVE-2025-59943 | 1.6 | 8.1 | 0.0006 | 2025-10-03 |
| CVE-2021-21553 | 1.5 | 7.3 | 0.0003 | 2021-08-03 |
| CVE-2022-35503 | 1.5 | 7.5 | 0.0020 | 2024-04-22 |
| CVE-2024-9312 | 1.5 | 7.5 | 0.0005 | 2024-10-10 |
| CVE-2024-58105 | 1.5 | 7.3 | 0.0001 | 2025-03-25 |
| CVE-2023-20253 | 1.4 | 7.1 | 0.0001 | 2023-09-27 |
| CVE-2024-27269 | 1.4 | 6.8 | 0.0007 | 2024-05-14 |
| CVE-2022-32260 | 1.3 | 6.5 | 0.0010 | 2022-06-14 |
| CVE-2022-45857 | 1.3 | 6.5 | 0.0022 | 2023-01-05 |
| CVE-2024-46671 | 1.3 | 6.2 | 0.0023 | 2025-04-08 |
| CVE-2025-63563 | 1.3 | 6.5 | 0.0005 | 2025-10-31 |
| CVE-2023-0857 | 1.2 | 5.9 | 0.0008 | 2023-05-11 |
| CVE-2021-26262 | 1.1 | 5.5 | 0.0011 | 2021-11-19 |
| CVE-2023-3115 | 1.1 | 5.4 | 0.0004 | 2023-09-29 |
| CVE-2023-3914 | 1.1 | 5.4 | 0.0004 | 2023-09-29 |
| CVE-2023-3907 | 1.0 | 4.9 | 0.0003 | 2023-12-17 |