CWE-266 Incorrect Privilege Assignment
What this means
SiteShadow flagged privilege/role assignment that can grant more access than intended (wrong default role, client-controlled privilege fields, missing admin-only guards).
Why it matters
Incorrect privilege assignment can grant excessive access.
- Privilege escalation: users gain admin/staff capabilities.
- Persistent compromise: once stored, bad privileges remain until fixed.
- High blast radius: privileged roles can access/export/modify everything.
Safer examples
1) Make "least privilege" the default
New accounts should start with minimal permissions and require explicit elevation.
2) Don't accept role/permission fields from clients
Ignore fields like role, isAdmin, permissions in normal user flows (see API01).
3) Require re-auth/MFA for privilege changes
Role changes should be admin-only and require step-up auth (see MFA01).
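The three practices above, combined in one added example (not SiteShadow's own code): a self-service registration handler that allow-lists the fields a client may set, so role, isAdmin and permissions in the request body are dropped and the account starts as the least-privileged role; and an admin-only role-change handler that refuses unless the session has recently completed step-up authentication. The in-memory user store, the handler names, the role names and the mfa_verified flag on the session are assumptions for the example, not part of the page.

```python
"""Least-privilege defaults, client privilege fields ignored, and
admin-only, step-up-gated role changes (added example; not SiteShadow code).
The user store, roles, handler names and the mfa_verified flag are assumed."""
from dataclasses import dataclass, field
from typing import Dict, Set

DEFAULT_ROLE = "member"                 # least privilege for every new account
VALID_ROLES = {"member", "staff", "admin"}
# Fields a client must never be allowed to set through ordinary user flows.
PRIVILEGE_FIELDS = {"role", "isAdmin", "permissions"}
# Allow-list of fields a self-service signup may set (everything else is dropped).
SIGNUP_FIELDS = ("username", "email")


@dataclass
class User:
    username: str
    email: str
    role: str = DEFAULT_ROLE
    permissions: Set[str] = field(default_factory=set)


@dataclass
class Session:
    user: User
    mfa_verified: bool = False   # True only after a recent step-up (assumed flag)


class Forbidden(Exception):
    """Caller lacks the role required for the operation."""


class StepUpRequired(Exception):
    """Caller must re-authenticate (MFA) before a privilege change."""


USERS: Dict[str, User] = {}     # constructed in-memory store for the example


def register(payload: dict) -> User:
    """Create an account from an untrusted request body.

    Only allow-listed fields are copied; privilege fields are ignored and
    reported, and the role always comes from the server-side default.
    """
    missing = [k for k in SIGNUP_FIELDS if k not in payload]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    ignored = PRIVILEGE_FIELDS & payload.keys()
    if ignored:
        # Worth logging: the client tried to self-assign privileges.
        print(f"ignored client privilege fields: {sorted(ignored)}")
    user = User(**{k: payload[k] for k in SIGNUP_FIELDS})  # role defaults
    USERS[user.username] = user
    return user


def change_role(session: Session, target_username: str, new_role: str) -> User:
    """Admin-only role change that additionally requires step-up auth."""
    if session.user.role != "admin":
        raise Forbidden("only admins may change roles")
    if not session.mfa_verified:
        raise StepUpRequired("re-authenticate with MFA before changing roles")
    if new_role not in VALID_ROLES:
        raise ValueError(f"unknown role {new_role!r}")
    target = USERS[target_username]
    target.role = new_role
    return target


if __name__ == "__main__":
    # Constructed request body: the client tries to make itself an admin.
    alice = register({"username": "alice", "email": "alice@example.com",
                      "role": "admin", "isAdmin": True})
    print("alice role after signup:", alice.role)          # member
    root = User("root", "root@example.com", role="admin")
    try:
        change_role(Session(root, mfa_verified=False), "alice", "staff")
    except StepUpRequired as e:
        print("blocked:", e)
    print(change_role(Session(root, mfa_verified=True), "alice", "staff").role)
```

The design point is the allow-list in register: rather than deleting known-bad keys (which misses the next privilege field a developer adds), the handler copies only the fields a signup is entitled to set, and the role is never read from the request at all.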
How SiteShadow detects it (high level)
- Flags client-controlled privilege fields flowing into persistence or security decisions.
- Detects admin-only operations without strong guards.
References
- CWE-266: https://cwe.mitre.org/data/definitions/266.html
---