Under some conditions, request is processed with root privileged.
vulners.com/securityvulns/securityvulns:doc:26003