CWE · MITRE source
CWE-271: Privilege Dropping / Lowering Errors
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1) AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| PS-5 | Personnel Transfer | PS | Mandates lowering or adjusting privileges to match new operational needs, reducing errors in privilege dropping during transfers. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2022-3569 | 1.7 | 7.8 | 0.0284 | 2022-10-17 |
| CVE-2019-11243 | 1.6 | 8.1 | 0.0024 | 2019-04-22 |
| CVE-2023-22648 | 1.6 | 8.0 | 0.0018 | 2023-06-01 |
| CVE-2024-0985 | 1.6 | 8.0 | 0.0075 | 2024-02-08 |
| CVE-2025-23395 | 1.6 | 7.8 | 0.0007 | 2025-05-26 |
| CVE-2025-53819 | 1.6 | 7.9 | 0.0003 | 2025-07-14 |
| CVE-2026-35535 | 1.5 | 7.4 | 0.0001 | 2026-04-03 |
| CVE-2024-35179 | 1.4 | 6.8 | 0.0009 | 2024-05-15 |
| CVE-2023-38496 | 1.2 | 6.1 | 0.0005 | 2023-07-25 |
| CVE-2020-35513 | 1.0 | 4.9 | 0.0032 | 2021-01-26 |
| CVE-2026-25704 | 0.0 | 0.0 | 0.0001 | 2026-03-30 |