CWE-273
Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
CVE-2026-21882 (GCVE-0-2026-21882)
Vulnerability from cvelistv5 – Published: 2026-03-02 19:17 – Updated: 2026-03-02 19:44
VLAI
Title
theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution
Summary
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
Severity
8.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/AsfhtgkDavid/theshit/security/… | x_refsource_CONFIRM |
| https://github.com/AsfhtgkDavid/theshit/commit/52… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AsfhtgkDavid | theshit |
Affected:
< 0.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21882",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T19:44:23.867553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:44:41.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "theshit",
"vendor": "AsfhtgkDavid",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273: Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T19:17:22.220Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-2j3p-gqw5-g59j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/AsfhtgkDavid/theshit/security/advisories/GHSA-2j3p-gqw5-g59j"
},
{
"name": "https://github.com/AsfhtgkDavid/theshit/commit/5293957b119e55212dce2c6dcbaf1d7eb794602a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/AsfhtgkDavid/theshit/commit/5293957b119e55212dce2c6dcbaf1d7eb794602a"
}
],
"source": {
"advisory": "GHSA-2j3p-gqw5-g59j",
"discovery": "UNKNOWN"
},
"title": "theshit\u0027s Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21882",
"datePublished": "2026-03-02T19:17:22.220Z",
"dateReserved": "2026-01-05T17:24:36.928Z",
"dateUpdated": "2026-03-02T19:44:41.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32107 (GCVE-0-2026-32107)
Vulnerability from cvelistv5 – Published: 2026-04-17 19:25 – Updated: 2026-04-22 03:55
VLAI
Title
xrdp: Fail-open privilege drop in sesexec — child processes may execute as root if setuid fails
Summary
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-273 - Improper Check for Dropped Privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/neutrinolabs/xrdp/security/adv… | x_refsource_CONFIRM |
| https://github.com/neutrinolabs/xrdp/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| neutrinolabs | xrdp |
Affected:
< 0.10.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T03:55:34.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xrdp",
"vendor": "neutrinolabs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to escalate privileges to root and execute arbitrary code on the system. An additional exploit would be needed to facilitate this. This issue has been fixed in version 0.10.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273: Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:25:20.274Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-p5m6-7m43-pjv9"
},
{
"name": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neutrinolabs/xrdp/releases/tag/v0.10.6"
}
],
"source": {
"advisory": "GHSA-p5m6-7m43-pjv9",
"discovery": "UNKNOWN"
},
"title": "xrdp: Fail-open privilege drop in sesexec \u2014 child processes may execute as root if setuid fails"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32107",
"datePublished": "2026-04-17T19:25:20.274Z",
"dateReserved": "2026-03-10T22:02:38.854Z",
"dateUpdated": "2026-04-22T03:55:34.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44073 (GCVE-0-2026-44073)
Vulnerability from cvelistv5 – Published: 2026-05-21 07:35 – Updated: 2026-05-21 12:23
VLAI
Title
seteuid failure ignored in auth modules
Summary
Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-273 - Improper Check for Dropped Privileges
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://netatalk.io/security/CVE-2026-44073 | vendor-advisory |
Impacted products
Date Public
2026-05-13 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44073",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T12:22:54.006379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T12:23:53.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Netatalk",
"vendor": "Netatalk",
"versions": [
{
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arjun Basnet from Securin"
}
],
"datePublic": "2026-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid(), which may allow a remote authenticated attacker to retain elevated privileges under error conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T07:52:54.774Z",
"orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"shortName": "securin"
},
"references": [
{
"name": "Netatalk Security Advisory CVE-2026-44073",
"tags": [
"vendor-advisory"
],
"url": "https://netatalk.io/security/CVE-2026-44073"
}
],
"title": "seteuid failure ignored in auth modules"
}
},
"cveMetadata": {
"assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
"assignerShortName": "securin",
"cveId": "CVE-2026-44073",
"datePublished": "2026-05-21T07:35:06.589Z",
"dateReserved": "2026-05-05T07:25:20.196Z",
"dateUpdated": "2026-05-21T12:23:53.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation ID: MIT-53
Phase: Implementation
Description:
- Check the results of all functions that return a value and verify that the value is expected.
Mitigation
Phase: Implementation
Description:
- In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened.
No CAPEC attack patterns related to this CWE.