The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
View on MITREA user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users.
No mitigation information available for this CWE.
No detection method information available for this CWE.
Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.
View DetailsRun callback in different security context after it has been changed from untrusted to trusted. * note that "context switch before actions are completed" is one type of problem that happens frequently, espec. in browsers.
View DetailsNo relationship information available for this CWE.
CWE-270: Privilege Context Switching Error is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
If exploited, CWE-270 (Privilege Context Switching Error) it can compromise Access Control, leading to outcomes such as Gain Privileges or Assume Identity.
CWE-270 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-270, including CVE-2002-1688, CVE-2003-1026, CVE-2002-1770 and CVE-2005-2263. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-270 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.