CWE-266β€”Incorrect Privilege Assignment

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-266
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Incorrect Privilege Assignment

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity
Notes:
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.

Related Weaknesses