CWE-274: Improper Handling of Insufficient Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
Last updated
Overview
CWE-274 (Improper Handling of Insufficient Privileges) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
37 recorded CVEs are caused by CWE-274 (Improper Handling of Insufficient Privileges). The highest-severity and most recent are shown first. 2 new CWE-274 CVEs have been recorded so far in 2026 (5 in 2025).
- CVE-2025-20156
Cisco Meeting Management Client-Server Privilege Escalation Vulnerability
Critical · CVSS 9.9 · EPSS 64th2025-01-22 - CVE-2023-39375
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
Critical · CVSS 9.8 · EPSS 46th2023-09-26 - CVE-2022-45101Critical · CVSS 9.8 · EPSS 53th2023-02-01
- CVE-2022-0668Critical · CVSS 9.8 · EPSS 46th2023-01-08
- CVE-2024-0105High · CVSS 8.9 · EPSS 19th2024-11-01
- CVE-2024-21648High · CVSS 8.8 · EPSS 40th2024-01-08
- CVE-2023-35928High · CVSS 8.8 · EPSS 58th2023-06-23
- CVE-2020-7283
Privilege Escalation vulnerability in McAfee Total Protection (MTP)
High · CVSS 8.8 · EPSS 46th2020-07-03 - CVE-2020-7267High · CVSS 8.8 · EPSS 16th2020-05-08
- CVE-2020-7266High · CVSS 8.8 · EPSS 16th2020-05-08
- CVE-2020-7265
Privilege Escalation vulnerability through symbolic links in ENSM
High · CVSS 8.8 · EPSS 16th2020-05-08 - CVE-2020-7264High · CVSS 8.8 · EPSS 16th2020-05-08
Showing 12 of 37 recorded CWE-274 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-274 vulnerabilitiesCommon consequences
What can happen when CWE-274 is exploited.
Other, Alter Execution Logic
Affects: Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2001-1564 — System limits are not properly enforced after privileges are dropped.
- CVE-2005-3286 — Firewall crashes when it can't read a critical memory block that was protected by a malicious process.
- CVE-2005-1641 — Does not give admin sufficient privileges to overcome otherwise legitimate user actions.
Terminology & mappings
Mapped taxonomies
- PLOVER: Insufficient privileges
Frequently asked questions
Common questions about CWE-274.
- What is CWE-274?
- The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.
- What CVEs are caused by CWE-274?
- 37 recorded CVEs are attributed to CWE-274, including CVE-2025-20156, CVE-2023-39375, CVE-2022-45101.
- How is CWE-274 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-274?
- Exploiting CWE-274 can lead to: Other, Alter Execution Logic.
- Is CWE-274 actively exploited?
- 37 recorded CVEs are caused by CWE-274; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-274) (opens in a new tab)
- CWE-274 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-274
Get alerted the moment a new CWE-274 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.