Acl

The analytic detects ACL deletion on the domain root object in Active Directory by monitoring Windows Event Log Security event ID 5136, identifying significant AD changes with potentially high impact.

This detection identifies an Active Directory access-control list (ACL) modification event, which applies the minimum required extended rights to perform the DCShadow attack by modifying permissions on the domainDNS object.

Detection of Active Directory user object ACL modifications that grant dangerous permissions, such as full control or the ability to modify permissions, potentially indicating privilege escalation or malicious activity.

APPYAP Technology and Information Inc.'s Yaay Social Media App, versions 3.8.0 through 24102025, contains an authorization bypass vulnerability (CVE-2025-12008) that allows unauthorized access to functionality due to improperly constrained access control lists (ACLs).

CVE-2026-31712 is a security vulnerability in ksmbd requiring a minimum ACE size check in smb_check_perm_dacl(), potentially leading to unauthorized access or privilege escalation.

CVE-2026-31706 is a vulnerability in ksmbd related to improper validation of num_aces and insufficient hardening of the ACE walk in smb_inherit_dacl(), potentially leading to unauthorized access or privilege escalation.

Goshs is vulnerable to an authorization bypass (CVE-2026-40189) due to inconsistent enforcement of .goshs ACLs on state-changing routes, allowing an unauthenticated attacker to manipulate files within protected directories and bypass authentication barriers.