CWE-278
Insecure Preserved Inherited Permissions
VariantIncomplete
Description
A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6265 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1 | |
| CVE-2024-38531 | Low | 0.16 | 3.6 | 0.00 | Jun 28, 2024 | Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. |