CWE-270 (Privilege Context Switching Error) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-9560 | 2026-05-26 | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel |
| CVE-2026-34853 | 2026-04-13 | Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-55210 | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticat… |
| CVE-2025-60721 | 2025-11-11 | Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. |
| CVE-2025-9408 | 2025-11-11 | System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. |
| CVE-2025-26499 | 2025-09-11 | Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting … |
| CVE-2025-46406 | 2025-07-09 | A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the … |
| CVE-2025-49583 | 2025-06-13 | XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that … |
| CVE-2025-49581 | 2025-06-13 | XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This all… |
| CVE-2024-46975 | 2025-02-22 | Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. |
| CVE-2024-12570 | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attac… |
| CVE-2024-11263 | 2024-11-15 | When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesse… |
| CVE-2024-36513 | 2024-11-12 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their… |
| CVE-2024-51987 | 2024-11-07 | Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different use… |
| CVE-2024-47173 | 2024-10-24 | Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attac… |
| CVE-2024-8641 | 2024-09-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attac… |
| CVE-2024-37294 | 2024-06-11 | Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users sho… |
| CVE-2023-37912 | 2023-10-25 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` a… |
| CVE-2023-25754 | 2023-05-08 | Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. |
| CVE-2023-26475 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the r… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Description, Relationships, Taxonomy_Mappings |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Potential_Mitigations |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Potential_Mitigations |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations, References |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Modes_of_Introduction, References, Relationships |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Related_Attack_Patterns |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Weakness_Ordinalities |