The product does not properly verify that a critical resource is owned by the proper entity.

What CVEs are caused by CWE-283?

17 recorded CVEs are attributed to CWE-283, including CVE-2026-26016, CVE-2026-29788, CVE-2025-43882.

How do you prevent CWE-283?

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

What are the consequences of CWE-283?

Exploiting CWE-283 can lead to: Gain Privileges or Assume Identity.

Is CWE-283 actively exploited?

17 recorded CVEs are caused by CWE-283; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-283: Unverified Ownership

CVE-2025-47940

TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer

CWE-283: Unverified Ownership

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

This function is part of a privileged program that takes input from users with potentially lower privileges.

Vulnerable example

python

def killProcess(processID):

Safe example

python

def killProcess(processID):

CWE-283: Unverified Ownership

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-283?

What CVEs are caused by CWE-283?

How do you prevent CWE-283?

What are the consequences of CWE-283?

Is CWE-283 actively exploited?

References

Stay ahead of CWE-283

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-283?

What CVEs are caused by CWE-283?

How do you prevent CWE-283?

What are the consequences of CWE-283?

Is CWE-283 actively exploited?

References

Stay ahead of CWE-283