CWE-1023: Incomplete Comparison with Missing Factors
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
Last updated
Overview
CWE-1023 (Incomplete Comparison with Missing Factors) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
7 recorded CVEs are caused by CWE-1023 (Incomplete Comparison with Missing Factors), including 1 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 3 new CWE-1023 CVEs have been recorded so far in 2026 (3 in 2025).
- CVE-2026-7473CISA KEV
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
Medium · CVSS 6.9 · EPSS 54th2026-06-05 - CVE-2021-23146High · CVSS 7.5 · EPSS 54th2021-11-18
- CVE-2025-62000
BullWall Ransomware Containment incomplete file inspection
Medium · CVSS 6.9 · EPSS 10th2025-12-18 - CVE-2025-55333
Windows BitLocker Security Feature Bypass Vulnerability
Medium · CVSS 6.1 · EPSS 53th2025-10-14 - CVE-2026-53839
OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation
Medium · CVSS 6.0 · EPSS 18th2026-06-12 - CVE-2024-5528Medium · CVSS 5.4 · EPSS 31th2025-02-05
- CVE-2026-48587
Potential exposure of private data via whitespace padding in Vary header
Low · CVSS 2.3 · EPSS 28th2026-06-03
Common consequences
What can happen when CWE-1023 is exploited.
Alter Execution Logic, Bypass Protection Mechanism
Affects: Integrity, Access Control
An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to detect it
Manual Static Analysis
Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.
Vulnerable example
public class Truck {Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included.
This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.
Vulnerable example
/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */Attack input
pIllustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2005-2782 — PHP remote file inclusion in web application that filters "http" and "https" URLs, but not "ftp".
- CVE-2014-6394 — Product does not prevent access to restricted directories due to partial string comparison with a public directory
Frequently asked questions
Common questions about CWE-1023.
- What is CWE-1023?
- The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
- What CVEs are caused by CWE-1023?
- 7 recorded CVEs are attributed to CWE-1023, including CVE-2026-7473, CVE-2021-23146, CVE-2025-62000. 1 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How is CWE-1023 detected?
- Manual Static Analysis: Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
- What are the consequences of CWE-1023?
- Exploiting CWE-1023 can lead to: Alter Execution Logic, Bypass Protection Mechanism.
- Is CWE-1023 actively exploited?
- Yes. 1 CWE-1023 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 7 recorded CVEs.
References
- MITRE CWE definition (CWE-1023) (opens in a new tab)
- CWE-1023 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1023
Get alerted the moment a new CWE-1023 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.