CWE-271: Privilege Dropping / Lowering Errors
The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Last updated
Overview
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
Real-world CVEs
10 recorded CVEs are caused by CWE-271 (Privilege Dropping / Lowering Errors). The highest-severity and most recent are shown first. 2 new CWE-271 CVEs have been recorded so far in 2026 (2 in 2025).