CWE•Base•Incomplete•17 recent CVEs
CWE-15External Control of System or Configuration Setting
Description
One or more system settings or configuration elements can be externally controlled by a user.
Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.
Common consequences
- Other→Varies by Context
Potential mitigations
- Architecture and Design[object Object]
- Implementation,Architecture and DesignBecause setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control.
- Implementation,Architecture and DesignIn general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-463992026-06-05CVE-2026-17848.82026-06-02CVE-2019-257166.52026-06-01CVE-2026-4508710.02026-05-27CVE-2026-414898.82026-05-11CVE-2026-435317.32026-05-05CVE-2026-413847.82026-04-28CVE-2026-412948.62026-04-21CVE-2026-02322026-04-13CVE-2026-356507.52026-04-10CVE-2026-330927.82026-04-10CVE-2026-227507.52026-04-10CVE-2026-308175.72026-04-08CVE-2026-308165.72026-04-08CVE-2026-221776.12026-03-18CVE-2026-214223.42026-03-04CVE-2025-82833.72025-07-28