The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.
In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker. The weakness is introduced during Architecture and Design, Implementation, Operation stages.
Latest vulnerabilities for CWE-271
No vulnerabilities found using your search criteria
Description of CWE-271 on Mitre website