CWE•Class•Draft•12 recent CVEs
CWE-636Not Failing Securely ('Failing Open')
Description
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to "fail functional" to minimize administration and support costs, instead of "failing safe."
Common consequences
- Access Control→Bypass Protection MechanismIntended access restrictions can be bypassed, which is often contradictory to what the product's administrator expects.
Potential mitigations
- Architecture and DesignSubdivide and allocate resources and components so that a failure in one part does not affect the entire product.
Related CWEs
Recent CVEs classified under this CWE
CVE-2026-493182.42026-05-29CVE-2026-493172.42026-05-29CVE-2026-457813.52026-05-14CVE-2026-422467.42026-05-09CVE-2026-424237.52026-04-28CVE-2026-413774.62026-04-28CVE-2026-413346.52026-04-23CVE-2026-405259.12026-04-17CVE-2026-402487.52026-04-16CVE-2026-352052026-04-09CVE-2026-350427.52026-04-06CVE-2024-37299.82024-05-02