Cyber Resilience


CWE-277: Insecure Inherited Permissions

Abstraction: Variant · CVEs in our corpus: 70

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Last updated: 04 July 2026 08:17 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 9 mapping(s) from 4 framework(s): ATT&CK 4 (partial) · STIG windows server 2016 2 (mostly) · STIG windows server 2019 2 (mostly) · STIG windows server 2022 1 (mostly)


NIST 800-53 r5 controls that address this weakness (0)

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE                  Risk  CVSS  EPSS    Published
CVE-2021-41170       7.0   9.8   0.0153  2021-11-08
CVE-2024-36539       7.0   9.8   0.0126  2024-07-24
CVE-2024-36540       7.0   9.8   0.0042  2024-07-24
CVE-2020-5343        5.5   7.3   0.0027  2020-05-04
CVE-2023-27842       5.5   8.8   0.0240  2023-03-21
CVE-2023-33990       5.5   7.8   0.0015  2023-07-11
CVE-2023-34391       5.5   7.4   0.0013  2023-08-31
CVE-2024-23233 UPD   5.5   7.8   0.0022  2024-03-08
CVE-2024-29417       5.5   8.4   0.0019  2024-05-03
CVE-2024-27822       5.5   7.8   0.0028  2024-05-14
CVE-2024-27825       5.5   7.1   0.0019  2024-05-14
CVE-2024-27848       5.5   7.8   0.0020  2024-06-10
CVE-2024-6605        5.5   8.8   0.0036  2024-07-09
CVE-2024-39877       5.5   8.8   0.0173  2024-07-17
CVE-2024-41601       5.5   7.5   0.0045  2024-07-19
CVE-2024-34329       5.5   8.4   0.0059  2024-07-22
CVE-2024-36542       5.5   8.8   0.0047  2024-07-25
CVE-2024-7143        5.5   8.3   0.0061  2024-08-07
CVE-2024-42681       5.5   8.8   0.0089  2024-08-15
CVE-2025-20008 UPD   5.5   7.7   0.0015  2025-05-13
CVE-2025-32797 UPD   5.5   7.0   0.0014  2025-06-16
CVE-2025-58437       5.5   8.1   0.0035  2025-09-06
CVE-2025-37174       5.5   7.2   0.0048  2026-01-13
CVE-2026-30266       5.5   7.8   0.0012  2026-04-20
CVE-2019-5068        3.5   4.4   0.0050  2019-11-05