CWE-270(Privilege Context Switching Error)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-9560 | 2026-05-26 | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel |
| CVE-2026-34853 | 2026-04-13 | Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-55210 | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticat… |
| CVE-2025-60721 | 2025-11-11 | Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. |
| CVE-2025-9408 | 2025-11-11 | System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. |
| CVE-2025-26499 | 2025-09-11 | Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting … |
| CVE-2025-46406 | 2025-07-09 | A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the … |
| CVE-2025-49583 | 2025-06-13 | XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that … |
| CVE-2025-49581 | 2025-06-13 | XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This all… |
| CVE-2024-46975 | 2025-02-22 | Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. |
| CVE-2024-12570 | 2024-12-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attac… |
| CVE-2024-11263 | 2024-11-15 | When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesse… |
| CVE-2024-36513 | 2024-11-12 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their… |
| CVE-2024-51987 | 2024-11-07 | Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different use… |
| CVE-2024-47173 | 2024-10-24 | Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attac… |
| CVE-2024-8641 | 2024-09-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attac… |
| CVE-2024-37294 | 2024-06-11 | Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users sho… |
| CVE-2023-37912 | 2023-10-25 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` a… |
| CVE-2023-25754 | 2023-05-08 | Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. |
| CVE-2023-26475 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the r… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Description, Relationships, Taxonomy_Mappings |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Potential_Mitigations |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Potential_Mitigations |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations, References |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Modes_of_Introduction, References, Relationships |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Related_Attack_Patterns |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Weakness_Ordinalities |