CWE-281

Improper Preservation of Permissions

Parent: CWE-732 - Incorrect Permission Assignment for Critical Resource

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

329 vulnerabilities with CWE-281
CVE-2026-40767 HIGH
WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-44832 HIGH
Snipe-IT: Privilege Escalation via API Permissions Assignment
CVSS 8.8
CVE-2026-24194 HIGH
Nvidia GeForce - Improper Preservation of Permissions
CVSS 7.8
CVE-2026-34744 MEDIUM
MantisBT authorization bypass allows continued access to self-uploaded attachments on private issues
CVE-2026-34600 MEDIUM
Joplin Server delta API returns note content after share access is revoked
CVSS 5.7
CVE-2026-25850 MEDIUM
OpenHarmony <=6.0 filemanagement_storage_service - Permission Preservation Information Leak
CVSS 5.5
CVE-2026-35361 LOW
uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems
CVSS 3.4
CVE-2026-35351 MEDIUM
uutils coreutils mv Silent Ownership Loss in Cross-Device Operations
CVSS 4.2
CVE-2026-35350 MEDIUM
uutils coreutils cp Unexpected Privileged Executable Creation with -p
CVSS 6.6
CVE-2026-35385 HIGH
OpenSSH <10.3 - Privilege Escalation
CVSS 7.5
CVE-2025-8325 MEDIUM
Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
CVSS 6.3
CVE-2025-69875 HIGH
Quick Heal Total Security 23.0.0 - Privilege Escalation via Quarantine Restore Path Manipulation
CVSS 7.8
CVE-2025-9615 LOW
Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 - Unauthorized File Access via NetworkManager
CVSS 3.3
CVE-2025-37735 HIGH
Elastic Defend - Privilege Escalation
CVSS 7.0
CVE-2025-34298 HIGH
Nagios Log Server < 2024R1.3.2 - Privilege Escalation via Email Change Workflow
CVSS 8.8
CVE-2025-26420 MEDIUM
GrantPermissionsActivity - Privilege Escalation
CVSS 4.4
CVE-2025-7346 HIGH
pyload-ng - Unauthenticated Arbitrary Package Creation via Localhost Restriction Bypass
CVE-2025-43701 HIGH
Salesforce OmniStudio <254 - Info Disclosure
CVSS 7.5
CVE-2025-43700 HIGH
Salesforce OmniStudio <Spring 2025 - Info Disclosure
CVSS 7.5
CVE-2025-43698 CRITICAL
Salesforce OmniStudio <Spring 2025 - Privilege Escalation
CVSS 9.1
CVE-2025-43697 HIGH
Salesforce OmniStudio <Spring 2025 - Info Disclosure
CVSS 7.5
CVE-2025-27563 LOW
OpenHarmony < 5.0.3 - Information Leak via Permission Handling
CVSS 3.3
CVE-2025-27247 MEDIUM
OpenHarmony <5.0.3 - Info Disclosure
CVSS 5.5
CVE-2025-26693 LOW
OpenHarmony < 5.0.3 - Information Disclosure via Permission Handling
CVSS 3.3
CVE-2025-26691 MEDIUM
OpenHarmony < 5.0.3 - Information Disclosure via Permission Handling
CVSS 5.5