The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

What CVEs are caused by CWE-272?

27 recorded CVEs are attributed to CWE-272, including CVE-2024-25106, CVE-2025-59106, CVE-2025-7722.

How do you prevent CWE-272?

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

How is CWE-272 detected?

Automated Static Analysis - Binary or Bytecode: According to SOAR [REF-1479], the following detection techniques may be useful:

What are the consequences of CWE-272?

Exploiting CWE-272 can lead to: Gain Privileges or Assume Identity, Read Application Data, Read Files or Directories.

Is CWE-272 actively exploited?

27 recorded CVEs are caused by CWE-272; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-272: Least Privilege Violation

CVE-2021-26726

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example demonstrates the weakness.

Vulnerable example

setuid(0);

The following example demonstrates the weakness.

Vulnerable example

java

AccessController.doPrivileged(new PrivilegedAction() {

The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.

Vulnerable example

chroot(APP_HOME);

Constraining the process inside the application's home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced.

CWE-272: Least Privilege Violation

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis - Binary or Bytecode

Dynamic Analysis with Automated Results Interpretation

Manual Static Analysis - Source Code

Automated Static Analysis - Source Code

Automated Static Analysis

Architecture or Design Review

Code examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-272?

What CVEs are caused by CWE-272?

How do you prevent CWE-272?

How is CWE-272 detected?

What are the consequences of CWE-272?

Is CWE-272 actively exploited?

References

Stay ahead of CWE-272

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis - Binary or Bytecode

Dynamic Analysis with Automated Results Interpretation

Manual Static Analysis - Source Code

Automated Static Analysis - Source Code

Automated Static Analysis

Architecture or Design Review

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-272?

What CVEs are caused by CWE-272?

How do you prevent CWE-272?

How is CWE-272 detected?

What are the consequences of CWE-272?

Is CWE-272 actively exploited?

References

Stay ahead of CWE-272