CWE-267β€”Privilege Defined With Unsafe Actions

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-267
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Privilege Defined With Unsafe Actions

Description

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity
Notes:
A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts.

Related Weaknesses