Base weakness

Draft

CWE-270: Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Last updated May 1, 2026

24

Recorded CVEs

With this primary weakness

1

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

CWE-270 (Privilege Context Switching Error) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

24 recorded CVEs are caused by CWE-270 (Privilege Context Switching Error), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 3 new CWE-270 CVEs have been recorded so far in 2026 (6 in 2025).

Critical · CVSS 9.8 · EPSS 66th

2023-05-08

CVE-2026-9560

Critical · CVSS 9.4 · EPSS 18th

2026-05-26

CVE-2024-11263

Critical · CVSS 9.4 · EPSS 37th

2024-11-15

CVE-2025-9408

Userspace privilege escalation vulnerability on Cortex M

High · CVSS 8.2 · EPSS 3th

2025-11-11

CVE-2017-2663

High · CVSS 8.2 · EPSS 31th

2018-07-27

CVE-2024-46975

High · CVSS 7.9 · EPSS 6th

2025-02-22

CVE-2025-60721

Windows Administrator Protection Elevation of Privilege Vulnerability

High · CVSS 7.8 · EPSS 20th

2025-11-11

CVE-2026-34853

High · CVSS 7.7 · EPSS 0th

2026-04-13

CVE-2019-14819

High · CVSS 7.5 · EPSS 50th

2020-01-07

CVE-2024-36513

High · CVSS 7.4 · EPSS 38th

2024-11-12

Showing 12 of 24 recorded CWE-270 CVEs. Track new ones as they are published and get AI-written analysis and fixes.

Monitor CWE-270 vulnerabilities

Common consequences

What can happen when CWE-270 is exploited.

Gain Privileges or Assume Identity

Affects: Access Control

A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

Operation

How to prevent it

Practical mitigations for CWE-270, grouped by where in the lifecycle they apply.

Architecture and Design

Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Architecture and Design

Operation

Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Architecture and Design

Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2002-1688 — Web browser cross domain problem when user hits "back" button.
CVE-2003-1026 — Web browser cross domain problem when user hits "back" button.
CVE-2002-1770 — Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.
CVE-2005-2263 — Run callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers.

Terminology & mappings

Mapped taxonomies

PLOVER: Privilege Context Switching Error

Attack patterns

CAPEC attack patterns that exploit this weakness.

Frequently asked questions

Common questions about CWE-270.

What is CWE-270?

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

What CVEs are caused by CWE-270?

24 recorded CVEs are attributed to CWE-270, including CVE-2021-3493, CVE-2023-37912, CVE-2023-25754. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

How do you prevent CWE-270?

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

What are the consequences of CWE-270?

Exploiting CWE-270 can lead to: Gain Privileges or Assume Identity.

Is CWE-270 actively exploited?

Yes. 1 CWE-270 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 24 recorded CVEs.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-270

Get alerted the moment a new CWE-270 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-270?

What CVEs are caused by CWE-270?

How do you prevent CWE-270?

What are the consequences of CWE-270?

Is CWE-270 actively exploited?

References

Stay ahead of CWE-270