Variant · Incomplete

CWE-278: Insecure Preserved Inherited Permissions

Category: authz

Description

A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.

Common consequences · 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data

Potential mitigations · 2

  • [Architecture and Design, Operation] Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
  • [Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/278.html

(incoming) 2

| Type | Target | Confidence | Tier |
| Vulnerability | CVE-2025-2947 (cve-2025-2947) | 0% | live |
| Vulnerability | CVE-2026-6265 (cve-2026-6265) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insecure Inherited Permissions
  • CWE: Improper Preservation of Permissions
  • CWE: Incorrect Execution-Assigned Permissions
  • CWE: Improper Ownership Management
  • CWE: Incorrect Default Permissions
  • CWE: Permission Race Condition During Resource Copy

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.