BaseIncomplete

CWE-708Incorrect Ownership Assignment

Category: other

Description

The product assigns an owner to a resource, but the owner is outside of the intended control sphere. This may allow the resource to be manipulated by actors outside of the intended control sphere.

Common consequences· 1

  • Confidentiality / Integrity — Read Application Data, Modify Application Data
    An attacker could read and modify data for which they do not have permissions to access directly.

Potential mitigations· 1

  • [Policy]Periodically review the privileges and their owners.

References

  1. https://cwe.mitre.org/data/definitions/708.html

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2026-40196cve-2026-401960%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Ownership Management
CWE
Exposure of Resource to Wrong Sphere
CWE
Unverified Ownership
CWE
Improper Access Control
CWE
Incorrect Privilege Assignment
CWE
Exposure of Sensitive Information to an Unauthorized Actor
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.