CWE-269β€”Improper Privilege Management

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2026-04-30
CWE-269 - Improper Privilege Management - Diagram

Metadata

CWE ID:
CWE-269
Abstraction:
Class
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Improper Privilege Management

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Common Consequences

Scope:
Access Control
Impact:
Gain Privileges or Assume Identity

Related Weaknesses