# Default Privilege Assignment in User Creation

- ID: python-default-privilege-assignment
- Severity: HIGH
- CWE: CWE-269
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects user creation flows that assign elevated privileges by default.

## Remediation

Default user creation to unprivileged (is_staff=False).

```python
# No is_staff / is_superuser arguments: the new account is created unprivileged.
User.objects.create_user(username=data['username'], password=data['password'])
```

Learn more: https://shoulder.dev/learn/python/cwe-269/default-privilege-assignment

## Related Rules

- **Missing Role/Permission Checks** [HIGH]:
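The pattern from the Description and Remediation sections, as an added example that is not this rule's own implementation: a small `ast`-based check that flags Django-style user creation calls granting elevated rights with a literal `True`. The names `find_default_privilege`, `PRIVILEGED_KWARGS`, `CREATION_CALLS` and the sample handlers are hypothetical and constructed for illustration.

```python
import ast

# Keyword arguments that grant elevated rights on Django's User model.
PRIVILEGED_KWARGS = {"is_staff", "is_superuser"}
# Manager methods that create a user (hypothetical rule scope, chosen for this example).
CREATION_CALLS = {"create_user", "create", "create_superuser"}

# Constructed sample of signup handlers (not taken from the page).
SAMPLE = '''
def signup_bad(data):
    return User.objects.create_user(
        username=data["username"], password=data["password"], is_staff=True)

def signup_admin(data):
    return User.objects.create_superuser(data["username"], password=data["password"])

def signup_ok(data):
    return User.objects.create_user(
        username=data["username"], password=data["password"])
'''


def _call_name(node):
    """Return the trailing name of a call target, e.g. 'create_user', or None."""
    func = node.func
    return getattr(func, "attr", None) or getattr(func, "id", None)


def find_default_privilege(source):
    """Return sorted (line, reason) pairs for user creation that grants privileges."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node) not in CREATION_CALLS:
            continue
        if _call_name(node) == "create_superuser":
            findings.append((node.lineno, "create_superuser"))
        for kw in node.keywords:
            # Only a literal True is flagged; a variable would need data-flow analysis.
            if (kw.arg in PRIVILEGED_KWARGS and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, f"{kw.arg}=True"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_default_privilege(SAMPLE):
        print(f"line {line}: {reason}")
```

An explicit `is_staff=False` is not reported, and `create_superuser` is reported wherever it appears, so calls in admin-only provisioning code need manual review.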