It is recommended to usewith sharing by default to respect the organization’s sharing rules. The mode without sharing should be used cautiously, only when elevated access is necessary, such as allowing community users to view certain records. inherited sharing is ideal for service classes that need to adapt to the calling context’s sharing mode.
Review your code carefully
Does this code access or modify restricted records?
Could this code be executed by users who should not have access to those records?
If the class is marked inherited sharing, could it be invoked by a class marked without sharing?
If you answered yes to any of these, there is a security risk.
Recommended Secure Coding Practices
Prefer with sharing whenever possible.
Use without sharing only after confirming the code cannot be accessed by unauthorized users.
Use inherited sharing only if all calling classes marked without sharing are verified as safe.