CWE-273
Improper Check for Dropped Privileges
BaseIncompleteLikelihood: Medium
Description
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
If the drop fails, the product will continue to run with the raised privileges, which might provide additional access to unprivileged users.
Hierarchy (View 1000)
CVEs mapped to this weakness (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32107 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2026 | xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6. | |
| CVE-2025-1003 | Hig | 0.55 | — | 0.00 | Feb 4, 2025 | A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. | |
| CVE-2006-2916 | Hig | 0.51 | 7.8 | 0.00 | Jun 15, 2006 | artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | |
| CVE-2026-21882 | Hig | 0.48 | 8.4 | 0.00 | Mar 2, 2026 | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0. | |
| CVE-2023-0657 | Low | 0.22 | 3.4 | 0.00 | Nov 17, 2024 | A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions. |