CWE-271: Privilege Dropping / Lowering Errors
low-riskThe product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Abstraction: Class
Common Consequences
Access Control
→
Gain Privileges or Assume Identity
Access Control
→
Gain Privileges or Assume Identity
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2022-3569 | 7.8 | 2.8% | — |
| CVE-2024-0985 | 8.0 | 0.8% | — |
| CVE-2020-35513 | 4.9 | 0.3% | — |
| CVE-2019-11243 | 8.1 | 0.2% | — |
| CVE-2023-22648 | 8.0 | 0.2% | — |
| CVE-2024-35179 | 6.8 | 0.1% | — |
| CVE-2025-23395 | 7.8 | 0.1% | — |
| CVE-2023-38496 | 6.1 | 0.0% | — |
| CVE-2025-53819 | 7.9 | 0.0% | — |
| CVE-2026-35535 | 7.4 | 0.0% | — |
0
/ 100
low-risk
Active Threat
0/50 · Minimal
Exploit Availability
0/50 · Minimal