CWE-1268 1 CVEs MITRE definition ↗

CWE-1268: Policy Privileges are not Assigned Consistently Between Control and Data Agents

Overview

CWE-1268 (Policy Privileges are not Assigned Consistently Between Control and Data Agents) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product's hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined
operating_system Not OS-Specific Undetermined
architecture Not Architecture-Specific Undetermined
technology Not Technology-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2026-5892 2026-04-08 Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted H…

Previous names

  • Agents Included in Control Policy are not Contained in Less-Privileged Policy (2020-08-20)

Content submission

Name
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization
Intel Corporation
Date
2020-02-12
Version
4.1

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns
2021-10-28 CWE Content Team 4.6 updated Potential_Mitigations
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples
2023-01-31 CWE Content Team 4.10 updated Demonstrative_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Demonstrative_Examples, Relationships, Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Demonstrative_Examples

Contributions

Type Name Date Comment
Feedback Jagadish Nayak 2025-10-09 Reported an incorrect value for Agent 3 in the demonstrative example, and suggested an alternative.
cvelogic Threat Intelligence