CWE•Class•Draft•20 recent CVEs
CWE-610Externally Controlled Reference to a Resource in Another Sphere
Description
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Common consequences
- Confidentiality,Integrity→Read Application Data,Modify Application DataAn adversary could read or modify data, depending on how the resource is intended to be used.
- Access Control→Gain Privileges or Assume IdentityAn adversary that can supply a reference to an unintended resource can potentially access a resource that they do not have privileges for, thus bypassing existing access control mechanisms.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-457602026-05-21CVE-2026-473587.52026-05-19CVE-2026-473577.52026-05-19CVE-2026-309057.82026-05-13CVE-2026-411077.42026-05-12CVE-2026-343278.22026-05-07CVE-2026-308175.72026-04-08CVE-2026-308165.72026-04-08CVE-2026-05228.82026-04-01CVE-2026-309039.62026-03-11CVE-2026-34045.02026-03-02CVE-2026-25366.32026-02-16CVE-2026-20746.32026-02-07CVE-2026-12186.32026-01-20CVE-2025-132096.32025-11-15CVE-2025-113417.32025-10-06CVE-2025-111407.32025-09-29CVE-2025-110356.32025-09-26CVE-2025-108167.32025-09-22CVE-2025-80576.52025-09-16