Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CWE-286

ClassIncomplete

Incorrect User Management

The product does not properly manage a user within its environment.

23 linked vulnerabilities

1 related weaknesses

Extended Description

Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.

Other

Varies by Context

Modes of Introduction

Architecture and Design

Implementation

Operation

Related Weaknesses

CWE-284ChildOf

Example CVEs (2)

CVE-2022-36109

Containerization product does not record a user's supplementary group ID, allowing bypass of group restrictions.

CVE-1999-1193

Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.

External Links

MITRE CWE Database

CWE-286: Incorrect User Management | Mondoo Vulnerability Intelligence