Description
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Extended Description
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
CVE vulnerabilities with CWE-271 (12)
9.4
CVSS
CRITICAL
CVE-2026-44477
pub. 2026-05-28
8.1
CVSS
HIGH
CVE-2019-11243
pub. 2019-04-22
8.0
CVSS
HIGH
CVE-2024-0985
pub. 2024-02-08
8.0
CVSS
HIGH
CVE-2023-22648
pub. 2023-06-01
7.9
CVSS
HIGH
CVE-2025-53819
pub. 2025-07-14
7.8
CVSS
HIGH
CVE-2022-3569
pub. 2022-10-17
7.4
CVSS
HIGH
CVE-2026-35535
pub. 2026-04-03
7.3
CVSS
HIGH
CVE-2025-23395
pub. 2025-05-26
6.8
CVSS
MEDIUM
CVE-2024-35179
pub. 2024-05-15
6.1
CVSS
MEDIUM
CVE-2023-38496
pub. 2023-07-25
5.8
CVSS
MEDIUM
CVE-2026-25704
pub. 2026-03-30
4.9
CVSS
MEDIUM
CVE-2020-35513
pub. 2021-01-26