4 vulnerabilities classified as CWE-278 (Insecure Preserved Inherited Permissions).
CWE-278 (Insecure Preserved Inherited Permissions) describes a product that inherits a set of insecure permissions for an object, for example when copying files out of an archive, without the user's awareness or involvement. The usual shape is an extractor, installer or package manager that copies the mode bits stored in the archive onto the files it creates, or that writes files without applying the process umask, so a world-writable or setuid file chosen by whoever built the archive lands on the target system with those bits intact. A local user who can write to such a file can plant content that a more privileged user or service later reads or executes; that is the typical route from this weakness to the local privilege escalation and sandbox-escape outcomes named in the titles below, and the actual impact depends on what each affected product does with the extracted objects. The fix is to stop trusting permissions that arrive with the source object: create new files and directories with the minimal mode the product itself needs, apply the caller's umask as creat(2) and mkdir(2) would, strip setuid, setgid and sticky bits from anything copied from an untrusted source, and require an explicit decision (a command-line flag or a prompt) before honouring archive-supplied permissions.
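The extraction pattern described above, shown as an added example that is not part of this page or of any of the listed products: a constructed tarball whose single entry carries mode 4777 (setuid plus rwxrwxrwx) is extracted twice, once copying the archive's mode bits verbatim onto the new file (the CWE-278 pattern) and once through a hardening policy that keeps only the rwx bits and applies the umask. `ASSUMED_UMASK` is a value assumed for the demo; a real tool would read the process umask. Written for a POSIX filesystem, since `os.chmod` on Windows only toggles read-only.

```python
import io
import os
import stat
import tarfile
import tempfile

# Assumed umask for the demo. A real tool would read the live value with
# os.umask(), which also sets it, so the old value must be restored at once.
ASSUMED_UMASK = 0o022


def build_archive() -> bytes:
    """Constructed sample input: a tarball whose only entry claims mode 4777,
    i.e. the permissions the archive's creator chose, not the extractor's."""
    payload = b"#!/bin/sh\necho hello\n"
    info = tarfile.TarInfo(name="pkg/build.sh")
    info.size = len(payload)
    info.mode = 0o4777  # setuid + world-writable: what CWE-278 warns about
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def safe_mode(archive_mode: int, umask: int = ASSUMED_UMASK) -> int:
    """Hardened policy: drop setuid/setgid/sticky, keep only the rwx bits,
    then apply the umask exactly as creat(2) and mkdir(2) would."""
    return (archive_mode & 0o777) & ~umask


def extract(archive: bytes, dest: str, preserve_modes: bool) -> int:
    """Write the archive's regular files under dest; return the mode of pkg/build.sh.

    preserve_modes=True is the vulnerable pattern (CWE-278): the mode stored in
    the archive is chmod'ed onto the new file verbatim. preserve_modes=False
    runs the stored mode through safe_mode() first.
    """
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = os.path.realpath(os.path.join(dest_real, member.name))
            # Not CWE-278 itself, but mandatory in any extractor: refuse entries
            # whose resolved path would escape the destination directory.
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"refusing to extract outside dest: {member.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                out.write(src.read())
            mode = member.mode if preserve_modes else safe_mode(member.mode)
            os.chmod(target, mode)
    return stat.S_IMODE(os.stat(os.path.join(dest_real, "pkg/build.sh")).st_mode)


def demo() -> tuple:
    """Extract the constructed archive both ways; return (vulnerable, hardened) modes."""
    archive = build_archive()
    with tempfile.TemporaryDirectory() as vuln_dir, tempfile.TemporaryDirectory() as safe_dir:
        vulnerable = extract(archive, vuln_dir, preserve_modes=True)
        hardened = extract(archive, safe_dir, preserve_modes=False)
    return vulnerable, hardened


if __name__ == "__main__":
    vuln, safe = demo()
    print(f"archive mode preserved: {vuln:04o}")  # 4777: setuid, world-writable
    print(f"umask-applied mode:     {safe:04o}")  # 0755
```

The check a reviewer should look for in a real extractor is the line that sets permissions: if it takes its argument from the archive entry (here `member.mode`) without masking, the product has the weakness regardless of how the rest of the extraction is written. Note that the hardened path still honours an execute bit the archive asked for, which is the normal expectation for build scripts; the policy only refuses bits that hand control to other users.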
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6265 | Local Privilege Escalation in Cerberus FTP Server <= 2025.4.2 — Cerberus FTP Server | 7.8 (AI estimate) | High (AI estimate) | 2026-04-27 |
| CVE-2025-2947 | IBM i privilege escalation — i | 7.2 | High | 2025-04-17 |
| CVE-2024-38531 | Nix sandbox escape — nix | 3.6 | Low | 2024-06-28 |
| CVE-2023-38497 | Cargo not respecting umask when extracting crate archives — cargo | 7.8 | High | 2023-08-04 |
Vulnerabilities classified as CWE-278 (Insecure Preserved Inherited Permissions) account for 4 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.