Skip to content

Hide Navigation Hide TOC

Privilege Escalation via Delayed Task Execution Bypass - ATR-2026-00107 (2e16b51a-66a3-537d-b25f-9fdf6af4bd1a)

Detects tools that claim to schedule tasks while explicitly stating they bypass permission checks or security controls through delayed execution. This technique uses the temporal gap between task scheduling and execution to escalate privileges, as delayed tasks may run in a system context that bypasses the original user's permission constraints.

Cluster A Galaxy A Cluster B Galaxy B Level
Privilege Escalation via Delayed Task Execution Bypass - ATR-2026-00107 (2e16b51a-66a3-537d-b25f-9fdf6af4bd1a) Agent Threat Rules Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 1