CWE-282: Improper Ownership Management
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Last updated
Overview
CWE-282 (Improper Ownership Management) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
27 recorded CVEs are caused by CWE-282 (Improper Ownership Management), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 4 new CWE-282 CVEs have been recorded so far in 2026 (10 in 2025).
- CVE-2023-0386CISA KEVHigh · CVSS 8.5 · EPSS 94th2023-03-22
- CVE-2024-3383
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
Critical · CVSS 9.1 · EPSS 44th2024-04-10 - CVE-2026-50130
Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`