
CWE-281 (Improper Preservation of Permissions) — Vulnerability Class

91 vulnerabilities classified as CWE-281 (Improper Preservation of Permissions). AI-generated Chinese analysis included.

CWE-281 covers code that copies, restores, or shares an object without carrying over the access controls the original had, so the result ends up more permissive than intended. The usual causes are routines that create the new object with default permissions (a umask-derived file mode, a default ACL, a fresh account record) instead of the source's, restore or revert paths that re-create an object without re-applying the restrictions placed on it, and role or membership changes that are not propagated to every copy of the grant. The entries below show the range: file copies and checkouts that end up world-writable or carry privileged bits (uutils coreutils cp -p, gitoxide), a credential cache whose file permissions are not validated (snowflake-connector-nodejs), a file revert that bypasses upload restrictions (MediaWiki), a re-created user that inherits its old credentials (lakeFS), and a removed global role that still grants cluster access (Rancher). An attacker who can read or write the under-protected copy obtains the data or control that the original's permissions were meant to deny. Mitigation is to make preservation explicit rather than assumed: read the source's mode or ACL and apply it to the copy, create the destination restrictively before populating it, re-validate special bits such as setuid instead of blindly carrying them over, and after a restore or revert re-check the object against the policy that should govern it. Review of copy, restore, and share code paths, together with a post-operation permission check in tests, catches most of these before release.
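The copy mechanism described above, as an added example that is not code from the CWE page or from any of the listed projects: a Python file copy that loses the source's mode (the CWE-281 pattern) beside one that preserves it, and the post-copy audit a practitioner would run. It assumes a POSIX filesystem (umask, os.fchmod, setuid/setgid bits); every path and the file contents are constructed for the demonstration, and the setuid-stripping rule for foreign-owned sources is this example's own precaution, not a rule taken from the page.

```python
# Added example (not from the CWE page or any listed project): a file copy that
# drops the source's permissions (the CWE-281 pattern) beside one that preserves
# them, plus the post-copy check a reviewer would run. POSIX-only: relies on
# umask, os.fchmod and the S_ISUID/S_ISGID bits. All paths and contents are
# constructed here.
import os
import shutil
import stat
import tempfile


def mode_of(path: str) -> int:
    """Permission bits (rwx plus setuid/setgid/sticky) of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def naive_copy(src: str, dst: str) -> str:
    """Vulnerable: shutil.copyfile opens dst with mode 0o666 & ~umask, so a 0600
    source becomes a 0644 copy under the usual 022 umask. Only the bytes are
    copied; the restriction on who may read them is lost."""
    shutil.copyfile(src, dst)
    return dst


def preserving_copy(src: str, dst: str) -> str:
    """Hardened: create dst owner-only, copy the data, then apply the source's bits.

    Creating at 0o600 first means there is never a window in which a partially
    written copy is readable by others. O_EXCL refuses a pre-existing dst (and
    so a planted symlink). setuid/setgid are stripped when the source belongs to
    someone else: preserving them would hand the copying user a privileged
    executable (this rule is the example's own precaution, not from the page).
    """
    st = os.stat(src)
    src_mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != os.geteuid():
        src_mode &= ~(stat.S_ISUID | stat.S_ISGID)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
        os.fchmod(out.fileno(), src_mode)  # umask does not apply to fchmod
    return dst


def files_more_permissive_than(root: str, allowed: int) -> list:
    """The check: names of regular files under root whose permission bits include
    anything outside `allowed` (e.g. allowed=0o600 flags 0o644 and 0o777)."""
    offenders = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and mode_of(path) & ~allowed:
                offenders.append(name)
    return sorted(offenders)


def demo() -> dict:
    """Copy a constructed 0600 secret both ways and report the resulting modes.
    The umask is pinned to 022 (the common default) so the result is deterministic."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            src = os.path.join(tmp, "secret.key")
            with open(src, "wb") as f:
                f.write(b"constructed secret material, not a real key\n")
            os.chmod(src, 0o600)
            naive = naive_copy(src, os.path.join(tmp, "naive.key"))
            safe = preserving_copy(src, os.path.join(tmp, "safe.key"))
            return {
                "source": mode_of(src),          # 0o600
                "naive": mode_of(naive),         # 0o644: the CWE-281 leak
                "preserving": mode_of(safe),     # 0o600
                "leaked": files_more_permissive_than(tmp, 0o600),  # ["naive.key"]
            }
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) else value)
```

Run it directly to see the three modes side by side; the audit function is the part worth lifting into a test suite, pointed at whatever directory a copy, restore, or checkout routine writes to, with `allowed` set to the most permissive mode the policy tolerates.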

MITRE CWE Description
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Common Consequences (1)
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-35361 | uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems | coreutils | 3.4 | Low | 2026-04-22
CVE-2026-35351 | uutils coreutils mv Silent Ownership Loss in Cross-Device Operations | coreutils | 4.2 | Medium | 2026-04-22
CVE-2026-35350 | uutils coreutils cp Unexpected Privileged Executable Creation with -p | coreutils | 6.6 | Medium | 2026-04-22
CVE-2026-35385 | OpenSSH security vulnerability | OpenSSH | 7.5 | High | 2026-04-02
CVE-2025-9615 | Networkmanager: networkmanager file access | Red Hat Enterprise Linux 10 | 8.1 (AI) | High (AI) | 2026-01-26
CVE-2024-12125 | 3scale-porta: readonly fields not validated server-side | porta | 7.5 | High | 2025-11-06
CVE-2025-37735 | Elastic Defend security vulnerability | Kibana | 7.0 | High | 2025-11-06
CVE-2025-34298 | Nagios Log Server < 2024R1.3.2 Set Email Privilege Escalation | Log Server | 8.8 (AI) | High (AI) | 2025-10-30
CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal | rancher | 4.3 | Medium | 2025-10-29
CVE-2025-7346 | pyLoad security vulnerability | Pyload | 6.2 (AI) | Medium (AI) | 2025-07-08
CVE-2025-43698 | Salesforce OmniStudio security vulnerability | OmniStudio | 8.1 (AI) | High (AI) | 2025-06-10
CVE-2025-43697 | Salesforce OmniStudio security vulnerability | OmniStudio | 6.5 (AI) | Medium (AI) | 2025-06-10
CVE-2025-43701 | Salesforce OmniStudio security vulnerability | OmniStudio | 4.3 (AI) | Medium (AI) | 2025-06-10
CVE-2025-43700 | Salesforce OmniStudio security vulnerability | OmniStudio | 6.5 (AI) | Medium (AI) | 2025-06-10
CVE-2025-27247 | Pasteboard has an improper preservation of permissions vulnerability | OpenHarmony | 5.5 | Medium | 2025-06-08
CVE-2025-27563 | security_access_token has an improper preservation of permissions vulnerability | OpenHarmony | 3.3 | Low | 2025-06-08
CVE-2025-26693 | security_access_token has an improper preservation of permissions vulnerability | OpenHarmony | 3.3 | Low | 2025-06-08
CVE-2025-26691 | telephony_call_manager has an improper preservation of permissions vulnerability | OpenHarmony | 5.5 | Medium | 2025-06-08
CVE-2024-46941 | SystemUI component protection settings vulnerability | SystemUI | 4.3 (AI) | Medium (AI) | 2025-06-06
CVE-2025-43026 | HP Support Assistant – Potential Escalation of Privilege | HP Support Assistant | 7.8 (AI) | High (AI) | 2025-06-05
CVE-2025-32697 | Cascading protection is not preventing file reversions | MediaWiki | 8.2 (AI) | High (AI) | 2025-04-10
CVE-2025-32696 | "reupload-own" restriction can be bypassed by reverting file | MediaWiki | 7.5 (AI) | High (AI) | 2025-04-10
CVE-2025-0914 | Velociraptor Shell Plugin Prevent_execve Bypass | Velociraptor | 3.8 | Low | 2025-02-27
CVE-2024-53994 | Potential bypass of chat permissions in Discourse | discourse | 4.3 | Medium | 2025-02-04
CVE-2025-24791 | snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions | snowflake-connector-nodejs | 4.4 | Medium | 2025-01-29
CVE-2025-22620 | gix-worktree-state nonexclusive checkout sets executable files world-writable | gitoxide | 5.0 | Medium | 2025-01-20
CVE-2025-24337 | WriteFreely security vulnerability | WriteFreely | 8.4 | High | 2025-01-20
CVE-2024-56317 | Matter security vulnerability | Matter | 7.5 | - | 2024-12-18
CVE-2024-43784 | Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion | lakeFS | 5.7 | Medium | 2024-11-26
CVE-2024-9333 | Permission bypass in M-Files Connector for Copilot | M-Files Connector for Copilot | 4.3 | - | 2024-10-02

Scores and severities marked (AI) are flagged on the source page as AI-assigned rather than vendor- or NVD-published; "-" means no severity was listed.

Vulnerabilities classified as CWE-281 (Improper Preservation of Permissions) total 91 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.