privilege-escalation
Safeguard articles tagged "privilege-escalation" — guides, analysis, and best practices for software supply chain and application security.
43 articles
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day File-Write Exploited in the Wild
Cisco confirmed limited in-the-wild exploitation of CVE-2026-20262, an arbitrary file-write zero-day in Catalyst SD-WAN Manager, alongside CVE-2026-20245. Here's what the chain actually buys an attacker and why edge management planes keep ending up on the KEV list.
Defender 'RoguePlanet' Zero-Day (CVE-2026-50656): SYSTEM on Fully Patched Windows
A race condition in Microsoft Defender, dubbed RoguePlanet, reportedly hands attackers SYSTEM privileges on fully updated Windows. We break down what is confirmed, what is still hedged, and what to do while the patch is in development.
Claw Chain: Four Chained CVEs Turn 245,000 OpenClaw Agents Into Backdoors (May 2026)
Cyera disclosed four chainable flaws in OpenClaw on May 15, 2026 that take an autonomous agent from prompt injection to credential theft, privilege escalation, and a persistent backdoor. Roughly 245,000 instances sit exposed on the internet.
What is Privilege Escalation
Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.
What is Broken Access Control
Broken access control is OWASP's #1 web risk, found in 94% of apps tested. See how IDOR flaws breached First American, USPS, and Parler.
GenAI Coding Agent Privilege Escalation
Autonomous coding agents can escalate privilege in subtle ways that traditional threat models miss. A breakdown of the common escalation paths and how to constrain them.
PwnKit Five Years On: Why CVE-2021-4034 Still Lives in Production
PwnKit was a trivial local privilege escalation in polkit that affected nearly every Linux distribution for over a decade. The technical details and the residual risk in 2026.
Sudo Baron Samedit heap overflow (CVE-2021-3156)
A decade-old sudo heap overflow, CVE-2021-3156 (Baron Samedit), let any local user gain root. Here's what's affected and how to fix it.
Common AWS IAM misconfigurations that lead to breaches
Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.
Dirty COW Linux kernel privilege escalation (CVE-2016-5195)
Dirty COW (CVE-2016-5195) let local attackers hijack a kernel race condition for root. Nine years old, still found in fleets — here's how to find and fix it.
Dirty Pipe Linux kernel arbitrary write (CVE-2022-0847)
Dirty Pipe (CVE-2022-0847) lets local attackers overwrite read-only files via a pipe buffer flaw, enabling fast, reliable root escalation on Linux and Android.
Kubernetes API server privilege escalation via aggregated API (CVE-2018-1002105)
A critical flaw in Kubernetes' aggregated API let unauthenticated users gain full admin privileges. Here's how it worked and how to fix it.