CWE · MITRE source
CWE-280Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-24116 | 7.3 | 9.8 | 0.8887 | 2024-10-02 |
CVE-2024-29748 KEV | 3.6 | 7.8 | 0.0041 | 2024-04-05 |
CVE-2024-25108 | 2.0 | 9.9 | 0.0011 | 2024-02-12 |
CVE-2024-5163 | 2.0 | 9.8 | 0.0017 | 2024-06-17 |
CVE-2025-6573 | 2.0 | 9.8 | 0.0021 | 2025-08-09 |
CVE-2025-46066 | 2.0 | 9.9 | 0.0015 | 2026-01-12 |
CVE-2019-6570 | 1.8 | 8.8 | 0.0024 | 2019-04-17 |
CVE-2024-0015 | 1.8 | 7.8 | 0.0396 | 2024-02-16 |
CVE-2024-1608 | 1.8 | 9.1 | 0.0024 | 2024-02-20 |
CVE-2024-22078 | 1.8 | 8.8 | 0.0017 | 2024-03-20 |
CVE-2023-38298 | 1.8 | 8.8 | 0.0013 | 2024-04-22 |
CVE-2024-36451 | 1.8 | 8.8 | 0.0015 | 2024-07-10 |
CVE-2024-6660 | 1.8 | 8.8 | 0.0031 | 2024-07-17 |
CVE-2025-31173 | 1.8 | 8.8 | 0.0003 | 2025-04-07 |
CVE-2025-27025 | 1.8 | 8.8 | 0.0073 | 2025-07-02 |
CVE-2025-8109 | 1.8 | 8.8 | 0.0003 | 2025-08-04 |
CVE-2025-58770 | 1.8 | 8.8 | 0.0002 | 2025-12-12 |
CVE-2026-24096 | 1.8 | 8.8 | 0.0005 | 2026-04-01 |
CVE-2023-42931 | 1.7 | 7.8 | 0.0280 | 2024-03-28 |
CVE-2024-51459 | 1.7 | 8.4 | 0.0002 | 2025-03-19 |
CVE-2026-0047 | 1.7 | 8.4 | 0.0000 | 2026-03-02 |
CVE-2019-17437 | 1.6 | 7.8 | 0.0013 | 2019-12-05 |
CVE-2022-2193 | 1.6 | 7.5 | 0.0086 | 2022-07-19 |
CVE-2023-43591 | 1.6 | 7.8 | 0.0008 | 2023-11-15 |
CVE-2023-25543 | 1.6 | 7.8 | 0.0003 | 2024-02-06 |