The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.
11 recorded CVEs are caused by CWE-271 (Privilege Dropping / Lowering Errors). The highest-severity and most recent are shown first. 3 new CWE-271 CVEs have been recorded so far in 2026 (2 in 2025).
CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
What can happen when CWE-271 is exploited.
Gain Privileges or Assume Identity
Affects: Access Control
If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped.
Gain Privileges or Assume Identity, Hide Activities
Affects: Access Control, Non-Repudiation
If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator.
Typically introduced during these phases of the software lifecycle.
Practical mitigations for CWE-271, grouped by where in the lifecycle they apply.
Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Illustrative examples from MITRE showing how the weakness appears in code.
The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.
Vulnerable example
chroot(APP_HOME);

Constraining the process inside the application's home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application continues to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in privilege escalation, because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced.
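The corrected form of the pattern above, as an added example that is not MITRE's code: the process calls chroot() while it is still root, moves its working directory inside the jail, and then drops supplementary groups, gid and uid in that order, refusing to "drop" to uid 0 and verifying afterwards that root cannot be regained. The names drop_privileges, privileges_dropped and confine_and_drop are this example's own, and the target uid/gid are assumed to be supplied by the caller.

```c
/* Added example (not from the MITRE entry): chroot() and then drop root. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if this process can no longer become root, 0 otherwise.
 * A permanently dropped process must fail to set uid 0 or gid 0 again. */
int privileges_dropped(void)
{
    if (geteuid() == 0 || getuid() == 0)
        return 0;
    if (setuid(0) == 0 || setgid(0) == 0)
        return 0;                      /* saved uid/gid was still 0 */
    return 1;
}

/* Permanently drop to uid/gid. Order matters: supplementary groups and the
 * gid can only be changed while still root, so they go before setuid(). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* "dropping" to root is a bug */
        errno = EINVAL;
        return -1;
    }
    /* setgroups() needs CAP_SETGID; only attempt it while still root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)              /* real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)              /* real, effective and saved uid */
        return -1;
    return privileges_dropped() ? 0 : -1;
}

/* chroot() while still root (it needs CAP_SYS_CHROOT), chdir("/") so the
 * working directory does not still point outside the jail, then give up
 * root before any user-controlled file is opened. */
int confine_and_drop(const char *app_home, uid_t uid, gid_t gid)
{
    if (chroot(app_home) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    return drop_privileges(uid, gid);
}
```

Because chroot() requires root, confine_and_drop() only succeeds when the program starts as root; drop_privileges() and privileges_dropped() also work as a self-check in an already unprivileged process.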
Real CVEs that MITRE cites as examples of this weakness.
Common questions about CWE-271.
11 recorded CVEs are attributed to CWE-271, including CVE-2026-44477, CVE-2024-0985, CVE-2023-22648.
Exploiting CWE-271 can lead to: Gain Privileges or Assume Identity, Hide Activities.
11 recorded CVEs are caused by CWE-271; none are currently in CISA's KEV catalog of actively exploited flaws.
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.