CWE • Base • Draft • 13 recent CVEs
CWE-494: Download of Code Without Integrity Check
Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
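One way to close this gap, shown as an added example that is not part of the CWE entry: the download is streamed to a temporary file and only moved to its final path if its SHA-256 matches a pinned digest. The names `install_verified` and `IntegrityError` and the sample payload are hypothetical, and the example assumes the pinned digest reached the product through a trusted channel (for instance, shipped inside an already verified release).

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample data: stands in for a release payload and for the
# SHA-256 digest that was pinned in the product through a trusted channel.
SAMPLE_RELEASE = b"print('plugin v1.2.3 loaded')\n"
SAMPLE_PINNED_SHA256 = hashlib.sha256(SAMPLE_RELEASE).hexdigest()


class IntegrityError(Exception):
    """Downloaded bytes do not match the pinned digest."""


def install_verified(chunks, pinned_sha256_hex, dest_path):
    """Write streamed chunks to a temp file; publish to dest_path only if
    the SHA-256 of everything received equals the pinned digest."""
    digest = hashlib.sha256()
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".unverified-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                digest.update(chunk)
                tmp.write(chunk)
        # Constant-time comparison of the hex digests.
        if not hmac.compare_digest(digest.hexdigest(), pinned_sha256_hex.lower()):
            raise IntegrityError("SHA-256 mismatch, download discarded")
        os.replace(tmp_path, dest_path)  # atomic rename on the same filesystem
        return dest_path
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)  # never leave unverified code on disk
        raise


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "plugin.py")
        print("installed:", install_verified([SAMPLE_RELEASE], SAMPLE_PINNED_SHA256, target))
        tampered = SAMPLE_RELEASE + b"import os  # constructed tampering\n"
        try:
            install_verified([tampered], SAMPLE_PINNED_SHA256, target)
        except IntegrityError as err:
            print("rejected:", err)
```

The final path never holds unverified bytes, so a loader that executes from that path cannot pick up a partially written or tampered file.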
Common consequences
- Integrity, Availability, Confidentiality, Other → Execute Unauthorized Code or Commands, Alter Execution Logic, Other: Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate
Potential mitigations
- Implementation: Perform proper forward and reverse DNS lookups to detect DNS spoofing.
- Architecture and Design, Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad
Related CWEs
Recent CVEs classified under this CWE
- CVE-2026-9037, 2026-05-28
- CVE-2026-45058, 2026-05-28
- CVE-2026-9089, 8.8, 2026-05-21
- CVE-2026-42575, 7.5, 2026-05-09
- CVE-2026-32148, 5.9, 2026-04-30
- CVE-2026-42249, 9.8, 2026-04-29
- CVE-2026-42248, 9.8, 2026-04-29
- CVE-2025-10539, 4.8, 2026-04-28
- CVE-2026-40066, 8.8, 2026-04-17
- CVE-2026-34841, 9.8, 2026-04-06
- CVE-2025-56513, 9.8, 2025-09-30
- CVE-2017-13083, 5.3, 2017-10-18
- CVE-2014-2378, 2014-09-05