CWE • Class • Draft • 20 recent CVEs
CWE-269: Improper Privilege Management
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Common consequences
- Access Control → Gain Privileges or Assume Identity
Potential mitigations
- Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
- Architecture and Design: Follow the principle of least privilege when assigning access rights to entities in a software system.
- Architecture and Design: Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-441192026-06-08CVE-2026-114232026-06-05CVE-2025-50888.32026-06-05CVE-2026-113086.32026-06-05CVE-2026-112967.52026-06-05CVE-2026-112958.82026-06-05CVE-2026-112765.12026-06-05CVE-2026-112296.12026-06-04CVE-2026-111088.82026-06-04CVE-2026-111037.82026-06-04CVE-2026-108682026-06-04CVE-2026-491897.82026-06-04CVE-2026-82069.82026-06-02CVE-2026-285863.32026-06-01CVE-2026-00917.82026-06-01CVE-2026-00897.82026-06-01CVE-2026-00866.82026-06-01CVE-2026-00556.22026-06-01CVE-2026-00503.32026-06-01CVE-2026-00486.82026-06-01