CWE - Common Weakness Enumeration

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?xml version="1.0"?> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses." /> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/favicon.ico" /> <link href="/css/main.css?version=4.17.040325" rel="stylesheet" type="text/css" /> <link href="/css/custom.css" rel="stylesheet" type="text/css" />  <script src="/includes/custom_filter.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/cwe_minimizer.js?version=4.12.062923" language="JavaScript" type="text/javascript"></script> <script src="/includes/cookie.js?version=4.12.062923" language="Javascript" type="text/javascript"></script> <script src="/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <script src="/includes/custom.js" language="JavaScript" type="text/javascript"></script> <script src=https://cmp.osano.com/AzyhULTdPkqmy4aDN/318aa814-0420-45bb-857d-8fb5fac33ff8/osano.js></script> <link href="/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css" /> <link href="/css/mappingonly.css" rel="stylesheet" type="text/css" /> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - Common Weakness Enumeration</title> </head> <body onload="onloadCookie()"> <a name="top" id="top"></a> <div id="MastHead" style="width:100%"> <div style="width:60%;float:left;padding-top:15px;padding-left:10px;padding-bottom:2px;"> <a href="/index.html" style="color:#32498D; text-decoration:none"> <img src="/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE" /> <h1 style="color:#314a8d;font-size:1.5em;font-family:'Verdana',sans-serif;#eee;margin: .1em auto">Common Weakness Enumeration</h1> <p style="color:#314a8d;font-family:'Times New Roman';font-style:italic;font-size:1em;#eee;margin:.1em auto 0 auto">A community-developed list of SW & HW weaknesses that can become vulnerabilities</p> </a> </div> <div style="float:right;padding-top:0px;text-align:right;padding-left:8px;padding-right:4px;padding-bottom:0px;"><a href="/about/new_to_cwe.html" title="New to CWE click here logo"><img src="/images/new_to_cwe/new_to_cwe_click_here.png" height="90" border="0" alt="New to CWE? click here!" style="text-align:center"/></a></div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"><a href="/scoring/lists/2021_CWE_MIHW.html" title="CWE Most Important Hardware Weaknesses"> <img src="/images/mihw_logo.svg" width="90" border="0" alt="CWE Most Important Hardware Weaknesses" style="vertical-align:bottom"/></a></div> <div style="float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:4px;padding-bottom:0px;"><a href="/top25/" title="CWE Top 25"><img src="/images/cwe_top_25_logo_simple.svg" width="90" border="0" alt="CWE Top 25 Most Dangerous Weaknesses" style="vertical-align:bottom"/></a></div> </div> <div id="HeaderBar" class="noprint"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="100%" align="left" style="padding-left:10px; font-size:75%;">   </td> <td align="right" nowrap="nowrap" style="padding-right:12px">  <div class="noprint"> <form action="/cgi-bin/jumpmenu.cgi" align="right" style="padding:0px; margin:0px"> ID <label for="id" style="padding-right:5px">Lookup:</label> <input id="id" name="id" type="text" style="width:50px; font-size:80%" maxlength="10" /> <input value="Go" style="padding: 0px; font-size:80%" type="submit"> </form> </div>  </td> </tr> </table> </div>  <div class="yesprint"> <hr width="100%" size="1" style="clear:both" color="#000000" /> </div> <div class="topnav"> <ul> <li><a href="/index.html">Home</a></li> <li> <div class="dropdown"> <button class="dropbtn">About ▼</button> <div class="dropdown-content"> <a href="/about/index.html">Who We Are</a> <a href="/about/user_stories.html">User Stories</a> <a href="/about/history.html">History</a> <a href="/about/documents.html">Documents</a> <a href="/about/cwe_videos.html">Videos</a> </div> </div> </li> <li> <div class="dropdown"> <button class="dropbtn">Learn ▼</button> <div class="dropdown-content"> <a href="/about/new_to_cwe.html">Basics</a> <div class="dropdown-sub-group"> <a href="/documents/cwe_usage/guidance.html">Root Cause Mapping   ►</a> <div class="dropdown-content-submenu"> <a href="/documents/cwe_usage/guidance.html">Guidance</a> <a href="/documents/cwe_usage/quick_tips.html">Quick Tips</a> <a href="/documents/cwe_usage/mapping_examples.html">Examples</a> </div> </div> <a href="/community/submissions/overview.html">How to Contribute Weakness Content</a> <a href="/about/faq.html">FAQs</a> <a href="/documents/glossary/index.html">Glossary</a> </div> </div> </li> <li> <div class="dropdown"> <button class="dropbtn">Access Content ▼</button> <div class="dropdown-content"> <div class="dropdown-sub-group"> <a href="/scoring/index.html#top_n_lists">Top-N Lists   ►</a> <div class="dropdown-content-submenu"> <a href="/top25/">Top 25 Software</a> <a href="/scoring/lists/2021_CWE_MIHW.html">Top Hardware</a> <a href="/top25/archive/2024/2024_kev_list.html">Top 10 KEV Weaknesses</a> </div> </div> <div class="dropdown-sub-group"> <a href="/data/index.html">CWE List   ►</a> <div class="dropdown-content-submenu"> <a href="/data/index.html">Current Version</a> <a href="/data/reports.html">Reports</a> <a href="/data/pdfs.html">Visualizations</a> <a href="/data/archive.html">Releases Archive</a> </div> </div> <a href="/data/downloads.html">Downloads</a> <a href="https://github.com/CWE-CAPEC/REST-API-wg/blob/main/Quick%20Start.md" target="_blank">REST API</a> </div> </div> </li> <li> <div class="dropdown"> <button class="dropbtn">Community ▼</button> <div class="dropdown-content"> <div class="dropdown-sub-group"> <a href="/news/">News   ►</a> <div class="dropdown-content-submenu"> <a href="/news/archives/news2025.html">Current News</a> <a href="https://medium.com/@CWE_CAPEC" target="_blank">Blog</a> <a href="/news/podcast.html">Podcast</a> <a href="/news/archives/index.html">News Archive</a> </div> </div> <a href="/community/board.html">CWE Board</a> <a href="/community/working_groups.html">Working Groups & Special Interest Groups</a> <a href="/community/email_lists.html">Email Lists</a> </div> </div> </li> <li> <div class="dropdown"> <button class="dropbtn">Search ▼</button> <div class="dropdown-content"> <a href="/">Search CWE List</a> <a href="/find/index.html">Search Website</a> </div> </li> </ul> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tr>  <td valign="top" rowspan="2" id="LeftPane">  <script type="text/javascript">browserheight();</script> </td>  <td style="height:1px"></td>  <td valign="top" align="center" rowspan="2" nowrap="nowrap" id="RightPane"> <style type="text/css"></style> </td>  </tr> <tr>  <td valign="top" width="100%" id="Contentpane">  <div id="styled_popup" name="styled_popup" style="display:none; position:fixed; top:300; height:auto; width:300px; z-index:1000"> <table width="300" cellpadding="0" cellspacing="0" border="0" style="border:1px solid #32498D;"> <tr style="background-color:#32498D; color:#ffffff;"> <td width="100%" style="padding:1px 5px 1px 5px; border-bottom:1px solid #000000"><div width="100%" style="font-weight:bold;">CWE Glossary Definition</div></td> <td nowrap="nowrap" style="padding:1px; border-bottom:1px solid #000000" valign="top"><a href="javascript:styledPopupClose();"><img src="/images/layout/close.gif" border="0" alt="x"></a></td> </tr> <tr><td colspan="2" style="background: url(/images/layout/ylgradient.jpg); background-repeat: repeat-x repeat-y; padding:5px; background-color:#FFFFCC; " valign="top"> <div id="output" style="max-height:400px; overflow-y:auto"></div> </td></tr> </table> </div>  <div class="mainpage"> <table class="landingTable" style="width:100%;padding-left:2%;padding-right:2%;padding-top:1%;"> <tr> <td colspan="3" class="landingHighlight"> <div style="width:80%; margin-left:auto; margin-right:auto;padding-bottom:2%;"> <table> <tr> <td> <div style="float:left;padding-top:0px;text-align:right;padding-right:20px;padding-bottom:15px;"> <img src="/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE" /> </div> </td> <td style="vertical-align:top"> Knowing the weaknesses that result in vulnerabilities means software developers, hardware designers, and security architects can eliminate them before deployment, when it is much easier and cheaper to do so </td> </tr> </table> </div> </td> </tr> <tr> <td colspan="3"> <table style="width:100%;border:0px" class="SideBar"> <tr> <th class="HighlightBar" colspan="2">Learn About CWE</td> </tr> <tr> <td style="width:50%;vertical-align:top;padding:5px 5px 5px 5px;border:1px solid #cccccc;"> Overview – Learn what CWE is and how to use the information available on this website <ul style="list-style-type:none;padding-inline-start:0px"> <li><a href="/about/new_to_cwe.html">Basics</a></li> <li><a href="/about/faq.html">FAQs</a></li> <li><a href="/documents/glossary/index.html">Glossary</a></li> </ul> </td> <td style="width:50%;vertical-align:top;padding:5px 5px 5px 5px;border:1px solid #cccccc;"> Root Cause Mapping – Learn about identifying the underlying cause(s) of a vulnerability <ul style="list-style-type:none;padding-inline-start:0px"> <li><a href="/documents/cwe_usage/guidance.html">Guidance</a></li> <li><a href="/documents/cwe_usage/quick_tips.html">Quick Tips</a></li> <li><a href="/documents/cwe_usage/mapping_examples.html">Examples</a></li> </ul> </td> </tr> </table> </td> </tr> <tr> <td style="vertical-align:top;width:33%"> <table style="width:100%;border:0px" class="SideBar"> <tr> <th class="HighlightBar">Access Content</th> </tr> <tr> <td style="vertical-align:top;padding:0px 5px 5px 5px;border:1px solid #cccccc;"> <ul style="list-style-type:none;padding-inline-start:0px"> <li><a href="/data/index.html">All Weaknesses (943 total)</a></li> <li><a href="/scoring/index.html#top_n_lists">Top-N Lists</a></li> </ul> <div class="TitleBlue"><strong>Search CWE</strong></div> <div id="SearchBox" title="Easily find a specific software or hardware weakness by performing a search of the CWE List by keywords(s) or by CWE-ID Number. To search by multiple keywords, separate each by a space.">  <script async src="https://cse.google.com/cse.js?cx=012899561505164599335:tb0er0xsk_o"></script> <div class="gcse-searchbox"></div>  </div> <br/> <div class="TitleBlue"><strong>View CWEs by</strong></div> <div class="center"> <a href="/data/definitions/699.html"> <button type="button" title="This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation.">Software Development</button> </a> <br/> <a href="/data/definitions/1194.html"> <button type="button" title="This view organizes weaknesses around concepts that are frequently used or encountered in hardware design.">Hardware Design</button> </a> <br/> <a href="/data/definitions/1000.html"> <button type="button" title="This view is intended to facilitate research into weaknesses, including their inter-dependencies and their role in vulnerabilities. It classifies weaknesses in a way that largely ignores how they can be detected, where they appear in code, and when they are introduced in the software development lifecycle.">All Weaknesses</button> </a> <br/> <a href="/data/index.html#helpful_views"> <button type="button" title="This page lists alternative heirarchical, external mapping, and other helpful View presentations for CWE.">Other Select Options</button> </a> <br/><br/> </div> <div class="TitleBlue"><strong>CWE REST API</strong></div> <div class="center"> <a href="https://github.com/CWE-CAPEC/REST-API-wg/blob/main/Quick%20Start.md"> <button type="button" title="The CWE REST API, which is available without any need to register or use any credentials, provides access to CWE content by security SW and HW architects, EDA tool developers, verification engineers who are concerned about mitigating security risks in their products.">Quick Start</button> </a> </div> </div> </td> </tr> </table> </td> <td style="vertical-align:top;width:34%"> <table style="width:100%;border:0px" class="SideBar"> <tr> <th class="HighlightBar" colspan="2">Contribute</td> </tr> <tr> <td style="vertical-align:top;padding:0px 5px 5px 5px;border:1px solid #cccccc;"> <ul style="list-style-type:none;padding-inline-start:0px"> <li><a href="/community/submissions/overview.html">Contribute CWE Content</a></li> <li><a href="/community/working_groups.html">Participate in Working Groups</a></li> </ul> </td> </tr> </table> </td> <td style="vertical-align:top;width:33%"> <table style="width:100%;border:0px" class="SideBar"> <tr> <th class="HighlightBar">Latest News and Updates</th> </tr> <tr> <td style="vertical-align:top;padding:0px 5px 5px 5px;border:1px solid #cccccc;"> <br/> <div><span class="SideBarNewsType">News</span> <span class="SideBarNews"><a href="/news/archives/news2025.html#april03_CWE_Version_4_17_Now_Available">CWE Version 4.17 Now Available!</a></span></div> <br/> <div><span class="SideBarNewsType">News</span> <span class="SideBarNews"><a href="/news/archives/news2025.html#april03_2024_CWE_Top_10_KEV_Weaknesseses_Now_Available">“2024 CWE Top 10 KEV Weaknesses” List Now Available</a></span></div> <br/> <div><span class="SideBarNewsType">Community</span> <span class="SideBarNews"><a href="/news/archives/news2025.html#april03_CWE_Content_Development_Repository">View and Comment on Community Submissions in the “CWE Content Development Repository (CDR)”</a></span></div> <br/> <div><span class="SideBarNewsType">Community</span> <span class="SideBarNews"><a href="/news/archives/news2025.html#april03_Four_CWE_Talks_VulnCon_2025">CWE Is Focus of Four Talks at <i>VulnCon 2025</i></a></span></div> <br/> <div><span class="SideBarNewsType">News</span> <span class="SideBarNews"><a href="/news/archives/news2025.html#april03_Follow_CWE_Program_on_Bluesky">Follow the CWE Program on Bluesky</a></span></div> <br/> <div><span class="SideBarNewsType">Event</span> <span class="SideBarNews">“<a href="https://www.first.org/conference/vulncon2025/" target="_blank">VulnCon 2025,” April 7–10, 2025, Raleigh, North Carolina, USA (In-person & Virtual)</a></span></div> <br/> <br/> <div style="text-align:right"><a href="/news/index.html">See More >></a></div> <br/><br/> </td> </tr> </table> </td> </tr> </table> </div>  <div class="gcse-searchresults"></div>  <div id="More_Message_Custom" style="display:none;"> <div style="padding:15px 0px 0px 0px;color:#ff0000;font-size:95%;font-weight:bold;text-align:center;" >More information is available — Please edit the custom filter or select a different filter.</div></div> </td>  </tr> </table> <div id="FootPane" class="noprint"> <div id="footbar"> <b>Page Last Updated: </b> April 03, 2025 </div> <div class="Footer noprint"> <a name="footer" id="footer"></a> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="ltgreybackground" style="clear:both"> <tr> <td colspan="3" id="line"><div class="line"> </div></td> </tr> <tr> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="http://www.mitre.org" target="_blank" rel="noopener noreferrer"><img src="/images/mitre_logo.gif" height="36" border="0" alt="MITRE" title="MITRE"/></a> </div> </td> <td width="100%" valign="top" style="padding:6px 0px;"> <div id="footerlinks"> <a href="/sitemap.html">Site Map</a> | <a href="/about/termsofuse.html">Terms of Use</a> | <a href="#" onclick="Osano.cm.showDrawer('osano-cm-dom-info-dialog-open')">Manage Cookies</a> | <a href="/about/cookie_notice.html">Cookie Notice</a> | <a href="/about/privacy_policy.html">Privacy Policy</a> | <a href="mailto:cwe@mitre.org">Contact Us</a> | <a target="_blank" href="https://x.com/CweCapec"><img src="/images/x-logo-black.png" width="18" height="18" style="border:0;vertical-align:right;" alt="CWE on X" title="CWE on X"></a> <a target="_blank" href="https://www.linkedin.com/showcase/cve-cwe-capec"><img src="/images/linkedin_sm.jpg" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE on LinkedIn" title="CWE on LinkedIn"></a> <a target="_blank" href="https://bsky.app/profile/cweprogram.bsky.social"><img src="/images/bluesky_logo_sm.png" width="18" height="18" style="border:0;vertical-align:right;" alt="CWE on Bluesky" title="Bluesky"></a> <a target="_blank" href="https://mastodon.social/@CWE_Program"><img src="/images/mastodon-logo.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE on Mastodon" title="CWE on Mastodon"></a> <a target="_blank" href="https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA"><img src="/images/youtube.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE YouTube channel" title="CWE YouTube Channel"></a> <a href="/news/podcast.html"><img src="/images/out_of_bounds_read_logo.png" width="22" height="22" style="border:0;vertical-align:right;" alt="CWE Out-of-Bounds-Read Podcast" title="CWE Out-of-Bounds-Read Podcast"></a> <a target="_blank" href="https://medium.com/@CWE_CAPEC"><img src="/images/medium.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Blog on Medium blog" title="CWE Blog on Medium"></a> </div> <p>Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the <a href="/about/termsofuse.html">Terms of Use</a>. CWE is sponsored by the <a target="_blank" rel="noopener noreferrer" href="https://www.dhs.gov/">U.S. Department of Homeland Security</a> (DHS) <a target="_blank" rel="noopener noreferrer" href="https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency</a> (CISA) and managed by the <a href="https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer">Homeland Security Systems Engineering and Development Institute</a> (HSSEDI) which is operated by <a target="_blank" rel="noopener noreferrer" href="http://www.mitre.org/">The MITRE Corporation</a> (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.</p> </td> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer"><img src="/images/hssedi.png" height="36" border="0" alt="HSSEDI" title="HSSEDI"/></a> </div> </td> </tr> </table> </div> </div>  <script async src="https://www.googletagmanager.com/gtag/js?id=G-TCLW30GNGV"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-TCLW30GNGV'); </script> </body> </html>

CINXE.COM

CWE - Common Weakness Enumeration