ATR-2026-00107highPrivilege Escalationexperimental
Privilege Escalation via Delayed Task Execution Bypass
Detects tools that claim to schedule tasks while explicitly stating they bypass permission checks or security controls through delayed execution. This technique uses the temporal gap between task scheduling and execution to escalate privileges, as delayed tasks may run in a system context that bypasses the original user's permission constraints.
嚴重度
high
類別
Privilege Escalation
掃描目標
mcp
作者
ATR Community
建議回應
alertsnapshot
參考資料
OWASP Agentic
ASI06:2026 - Insufficient Access ControlsASI05:2026 - Unexpected Code Execution
OWASP LLM
LLM06:2025 - Excessive Agency
更多 Privilege Escalation 規則
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code InjectionATR-2026-00111criticalShell Metacharacter Injection in Tool Arguments