Safeguard
Tag

privilege-escalation

Safeguard articles tagged "privilege-escalation" — guides, analysis, and best practices for software supply chain and application security.

43 articles

Vulnerabilities

CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day File-Write Exploited in the Wild

Cisco confirmed limited in-the-wild exploitation of CVE-2026-20262, an arbitrary file-write zero-day in Catalyst SD-WAN Manager, alongside CVE-2026-20245. Here's what the chain actually buys an attacker and why edge management planes keep ending up on the KEV list.

Jun 14, 20267 min read
Vulnerabilities

Defender 'RoguePlanet' Zero-Day (CVE-2026-50656): SYSTEM on Fully Patched Windows

A race condition in Microsoft Defender, dubbed RoguePlanet, reportedly hands attackers SYSTEM privileges on fully updated Windows. We break down what is confirmed, what is still hedged, and what to do while the patch is in development.

Jun 13, 20267 min read
Agent Security

Claw Chain: Four Chained CVEs Turn 245,000 OpenClaw Agents Into Backdoors (May 2026)

Cyera disclosed four chainable flaws in OpenClaw on May 15, 2026 that take an autonomous agent from prompt injection to credential theft, privilege escalation, and a persistent backdoor. Roughly 245,000 instances sit exposed on the internet.

May 16, 202611 min read
Vulnerability Analysis

What is Privilege Escalation

Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.

Mar 28, 20266 min read
Vulnerability Analysis

What is Broken Access Control

Broken access control is OWASP's #1 web risk, found in 94% of apps tested. See how IDOR flaws breached First American, USPS, and Parler.

Mar 28, 20266 min read
AI Security

GenAI Coding Agent Privilege Escalation

Autonomous coding agents can escalate privilege in subtle ways that traditional threat models miss. A breakdown of the common escalation paths and how to constrain them.

Feb 28, 20267 min read
Vulnerability Analysis

PwnKit Five Years On: Why CVE-2021-4034 Still Lives in Production

PwnKit was a trivial local privilege escalation in polkit that affected nearly every Linux distribution for over a decade. The technical details and the residual risk in 2026.

Feb 3, 20265 min read
Vulnerability Analysis

Sudo Baron Samedit heap overflow (CVE-2021-3156)

A decade-old sudo heap overflow, CVE-2021-3156 (Baron Samedit), let any local user gain root. Here's what's affected and how to fix it.

Jan 18, 20267 min read
Cloud Security

Common AWS IAM misconfigurations that lead to breaches

Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.

Jan 17, 20268 min read
Vulnerability Analysis

Dirty COW Linux kernel privilege escalation (CVE-2016-5195)

Dirty COW (CVE-2016-5195) let local attackers hijack a kernel race condition for root. Nine years old, still found in fleets — here's how to find and fix it.

Jan 10, 20268 min read
Vulnerability Analysis

Dirty Pipe Linux kernel arbitrary write (CVE-2022-0847)

Dirty Pipe (CVE-2022-0847) lets local attackers overwrite read-only files via a pipe buffer flaw, enabling fast, reliable root escalation on Linux and Android.

Jan 10, 20268 min read
Vulnerability Analysis

Kubernetes API server privilege escalation via aggregated API (CVE-2018-1002105)

A critical flaw in Kubernetes' aggregated API let unauthenticated users gain full admin privileges. Here's how it worked and how to fix it.

Jan 9, 20267 min read
privilege-escalation (Page 2) — Safeguard Blog