
CWE-268 (Privilege Chaining) — Vulnerability Class 20

20 vulnerabilities classified as CWE-268 (Privilege Chaining). AI Chinese analysis included.

CWE-268, Privilege Chaining, is a design weakness where combining two distinct privileges, roles, or capabilities enables an entity to perform unsafe actions that would remain prohibited if either privilege existed in isolation. Attackers typically exploit this by leveraging a low-privilege account to access a secondary, restricted resource, effectively chaining the limited rights to achieve unauthorized outcomes such as data exfiltration or system compromise. Developers can mitigate this risk by implementing strict least-privilege principles, ensuring that no single user or process accumulates excessive permissions. Additionally, employing role-based access control with clear separation of duties and conducting thorough threat modeling during the design phase helps identify potential privilege combinations. Regular security audits and dynamic analysis tools further assist in detecting unintended privilege escalations, ensuring that combined rights do not inadvertently create dangerous attack vectors.

MITRE CWE Description
Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
A user can be given or gain access rights of another user. This can give the user unauthorized access to sensitive information including the access information of another user.
Mitigations (3)
Architecture and Design: Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
Architecture and Design, Operation: Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Architecture and Design, Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Examples (1)
This code allows someone with the role of "ADMIN" or "OPERATOR" to reset a user's password. The role of "OPERATOR" is intended to have less privileges than an "ADMIN", but still be able to help users with small issues such as forgotten passwords.

    public enum Roles { ADMIN, OPERATOR, USER, GUEST }

    public void resetPassword(User requestingUser, User user, String password) {
        if (isAuthenticated(requestingUser)) {
            switch (requestingUser.role) {
                case GUEST:
                    System.out.println("You are not authorized to perform this command");
                    break;
                case USER:
                    System.out.println("You are not authorized to perform this command");
                    break;
                default:
                    // OPERATOR and ADMIN both fall through to here: an OPERATOR can
                    // reset an ADMIN's password and so chain into full admin rights.
                    setPassword(user, password);
                    break;
            }
        } else {
            System.out.println("You must be logged in to perform this command");
        }
    }

Bad · Java
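The flaw above is that the check looks only at the requester's role, never at the target's: an OPERATOR can reset an ADMIN's password and chain the two privileges into full administrative control. A hardened form, added here as an illustration and not MITRE's own code, denies by default and allowlists which target roles each requesting role may touch; the `User` class and `isAuthenticated` stand-in are assumptions made to keep the example self-contained.

```java
import java.util.EnumSet;
import java.util.Set;

public class PasswordResetService {

    public enum Role { ADMIN, OPERATOR, USER, GUEST }

    // Minimal stand-in for the page's User type (assumption, not the real class).
    public static final class User {
        final String name;
        final Role role;
        String password;
        User(String name, Role role) { this.name = name; this.role = role; }
    }

    // Explicit allowlist of target roles per requesting role. ADMIN may reset
    // anyone; OPERATOR only ordinary accounts; USER and GUEST nobody at all.
    private static Set<Role> resettableBy(Role requester) {
        switch (requester) {
            case ADMIN:    return EnumSet.allOf(Role.class);
            case OPERATOR: return EnumSet.of(Role.USER, Role.GUEST);
            default:       return EnumSet.noneOf(Role.class);
        }
    }

    public static boolean resetPassword(User requestingUser, User target, String newPassword) {
        if (!isAuthenticated(requestingUser)) {
            System.out.println("You must be logged in to perform this command");
            return false;
        }
        // Deny by default: the (requester role, target role) pair must be allowlisted,
        // so a lower role can never reach an account that outranks it.
        if (!resettableBy(requestingUser.role).contains(target.role)) {
            System.out.println("Denied: " + requestingUser.role
                    + " may not reset a " + target.role + " account");
            return false;
        }
        target.password = newPassword;
        return true;
    }

    // Stand-in for the real session check (assumption).
    private static boolean isAuthenticated(User u) { return u != null; }

    public static void main(String[] args) {
        User admin = new User("alice", Role.ADMIN);
        User op    = new User("bob",   Role.OPERATOR);
        User user  = new User("carol", Role.USER);
        resetPassword(op, user, "new-secret");  // operator on an ordinary user: within the allowlist
        resetPassword(op, admin, "new-secret"); // operator on an admin: blocked, the chain is cut
    }
}
```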
CVE ID | Title | CVSS | Severity | Published
CVE-2026-3888 | Local Privilege Escalation in snapd | 7.8 | High | 2026-03-17
CVE-2025-64701 | QualitySoft QND Security Vulnerability — QND Premium/Advance/Standard | 7.8 (AI) | High (AI) | 2025-12-11
CVE-2025-7973 | Rockwell Automation FactoryTalk® ViewPoint Privilege Escalation Vulnerability — FactoryTalk® ViewPoint | 7.8 (AI) | High (AI) | 2025-08-14
CVE-2025-36124 | IBM WebSphere Application Server Liberty bypass security — WebSphere Application Server Liberty | 5.9 | Medium | 2025-08-12
CVE-2025-2297 | Privilege Management for Windows - Elevation of Privilege — Privilege Management for Windows | 7.8 (AI) | High (AI) | 2025-07-28
CVE-2025-49741 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability — Microsoft Edge (Chromium-based) | 7.4 | High | 2025-07-01
CVE-2025-20112 | Cisco Unified Communications Products Privilege Escalation Vulnerability — Cisco Emergency Responder | 5.1 | Medium | 2025-05-21
CVE-2025-32955 | Harden-Runner Evasion of 'disable-sudo' policy — harden-runner | 6.0 | Medium | 2025-04-21
CVE-2025-2903 | Privilege Chaining in Delphix — Delphix | 9.8 (AI) | Critical (AI) | 2025-04-17
CVE-2024-4877 | OpenVPN Security Vulnerability — OpenVPN | 7.8 (AI) | High (AI) | 2025-04-03
CVE-2025-0889 | Privilege Management for Windows – Elevation of Privilege — Privilege Management for Windows | 7.0 | - | 2025-02-26
CVE-2024-47045 | e-Tax Reception System Security Vulnerability — The installer of e-Tax software (common program) | 7.8 (AI) | High (AI) | 2024-09-26
CVE-2024-1299 | Privilege Chaining in GitLab — GitLab | 6.5 | Medium | 2024-03-07
CVE-2024-1250 | Privilege Chaining in GitLab — GitLab | 6.5 | Medium | 2024-02-12
CVE-2023-5839 | Privilege Chaining in hestiacp/hestiacp — hestiacp/hestiacp | 8.8 | - | 2023-10-29
CVE-2023-20194 | Cisco Identity Services Engine Security Vulnerability — Cisco Identity Services Engine Software | 4.9 | Medium | 2023-09-07
CVE-2023-2250 | Open Cluster Management Security Vulnerability — MCE | 8.8 | - | 2023-04-24
CVE-2023-0759 | Privilege Chaining in cockpit-hq/cockpit — cockpit-hq/cockpit | 8.8 | - | 2023-02-09
CVE-2022-1003 | Sysadmin can override existing configs & bypass restrictions like EnableUploads — Mattermost | 3.3 | Low | 2022-03-18
CVE-2019-3844 | systemd Permission and Access Control Issue Vulnerability — systemd | 7.8 | - | 2019-04-26

Vulnerabilities classified as CWE-268 (Privilege Chaining) represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.