Skip to main content

CWE-271

Privilege Dropping / Lowering Errors

8 CVEs Avg CVSS 7.5 MITRE
0
CRITICAL
6
HIGH
2
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2026-35535 HIGH POC PATCH CISA Act Now

Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.

Privilege Escalation Sudo
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
Threat
5.1
CVE-2026-25704 MEDIUM This Month

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Information Disclosure Cosmic Greeter
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-53819 HIGH PATCH This Week

CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.

Information Disclosure Apple macOS
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-23395 HIGH PATCH This Month

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-35179 MEDIUM This Month

Stalwart Mail Server is an open-source mail server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-22648 Go HIGH PATCH This Week

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rancher
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-3569 HIGH POC Act Now

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimbra Collaboration Suite
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-11243 Go HIGH PATCH This Week

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Trident
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

Local privilege escalation in Sudo through 1.9.17p2 (fixed in commit 3e474c2) arises because a failed setuid, setgid, or setgroups call during the privilege drop that precedes invoking the mailer is treated as non-fatal, allowing the mailer to run with retained elevated privileges. Local users on systems where Sudo is configured to send mail can leverage this to gain root, with total technical impact per CISA SSVC. EPSS is 0.00% and there is no public exploit identified at time of analysis, consistent with SSVC marking exploitation as none.

Privilege Escalation Sudo
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Cosmic-greeter before PR #426 contains a privilege dropping race condition vulnerability (CWE-271) that allows local attackers to regain dropped privileges through TOCTOU timing manipulation during privilege validation checks. The vulnerability affects the Pop!_OS greeter application and could enable privilege escalation to perform actions with elevated permissions that should have been restricted.

Information Disclosure Cosmic Greeter
NVD VulDB
EPSS 0% CVSS 7.9
HIGH PATCH This Week

CVE-2025-53819 is a privilege escalation vulnerability in Nix 2.30.0 on macOS where package builds are incorrectly executed with root privileges instead of restricted build user accounts. This affects macOS systems running Nix 2.30.0, allowing local attackers with standard user privileges to execute arbitrary code with root-level access during package builds. The vulnerability was patched in Nix 2.30.1, and no public exploits or known workarounds are currently available, though the high CVSS score (7.9) reflects the severity of privilege escalation with potential system-wide impact.

Information Disclosure Apple macOS
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Month

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Stalwart Mail Server is an open-source mail server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rancher
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC Act Now

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimbra Collaboration Suite
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Kubernetes Trident
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy